MyStart by Incredibar virus removal help [Solved]


  • This topic is locked

#16
Chouse28

  • Topic Starter
I do not know, but my girlfriend also has a computer here and she doesn't have a redirect problem either.


#17
Chouse28

  • Topic Starter
OTL FIX LOG:

========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : chouse
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2
Physical Address. . . . . . . . . : 00-16-36-BA-AD-1A
Ethernet adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter
Physical Address. . . . . . . . . : 00-1A-73-81-97-B6
Ethernet adapter Wireless Network Connection 8:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : D-Link DWA-130 Wireless N USB Adapter
Physical Address. . . . . . . . . : 1C-BD-B9-D9-F1-C1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.1.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.254
DHCP Server . . . . . . . . . . . : 172.16.1.254
DNS Servers . . . . . . . . . . . : 172.16.1.254
Lease Obtained. . . . . . . . . . : March 1, 2012 6:21:37 PM
Lease Expires . . . . . . . . . . : March 2, 2012 6:21:37 PM
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: home
Address: 172.16.1.254
Name: google.com
Addresses: 74.125.226.5, 74.125.226.6, 74.125.226.7, 74.125.226.8
74.125.226.9, 74.125.226.14, 74.125.226.0, 74.125.226.1, 74.125.226.2
74.125.226.3, 74.125.226.4
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: home
Address: 172.16.1.254
Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 98.139.127.62
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.226.3] with 32 bytes of data:
Reply from 74.125.226.3: bytes=32 time=47ms TTL=57
Reply from 74.125.226.3: bytes=32 time=52ms TTL=57
Ping statistics for 74.125.226.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 52ms, Average = 49ms
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=125ms TTL=49
Reply from 98.139.183.24: bytes=32 time=113ms TTL=49
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 125ms, Average = 119ms
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 36 ba ad 1a ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
0x3 ...00 1a 73 81 97 b6 ...... Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter - Packet Scheduler Miniport
0x10005 ...1c bd b9 d9 f1 c1 ...... D-Link DWA-130 Wireless N USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.1.254 172.16.1.66 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 172.16.1.66 172.16.1.66 20
172.16.1.0 255.255.255.0 172.16.1.66 172.16.1.66 25
172.16.1.66 255.255.255.255 127.0.0.1 127.0.0.1 25
172.16.255.255 255.255.255.255 172.16.1.66 172.16.1.66 25
224.0.0.0 240.0.0.0 172.16.1.66 172.16.1.66 25
255.255.255.255 255.255.255.255 172.16.1.66 2 1
255.255.255.255 255.255.255.255 172.16.1.66 3 1
255.255.255.255 255.255.255.255 172.16.1.66 172.16.1.66 1
Default Gateway: 172.16.1.254
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.33.1 log created on 03012012_182355

Edited by Chouse28, 02 March 2012 - 07:22 AM.


#18
Chouse28

  • Topic Starter
New OTL Scan Log:

OTL logfile created on: 01/03/2012 6:28:58 PM - Run 3
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Chris.CHOUSE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 75.24% Memory free
3.78 Gb Paging File | 3.42 Gb Available in Paging File | 90.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 4.65 Gb Free Space | 7.94% Space Free | Partition Type: NTFS
Drive D: | 174.28 Gb Total Space | 151.28 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: CHOUSE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/08/09 16:45:54 | 000,373,080 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/06 16:34:26 | 000,221,184 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
MOD - [2009/03/24 14:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanSup.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/23 11:54:34 | 000,212,992 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanCtl.dll
MOD - [2008/06/27 10:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWps.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 01:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 10:15:15 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/12/19 20:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/01 08:08:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:08:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/07 06:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/05/24 17:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/30 06:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 06:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 05:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/04 18:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 18:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/12/09 11:00:50 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/11 09:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FileServe"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: " http://www.google.co...m.my/search?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXP\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ef7f254-8bcc-48d6-b1bb-980964a775d0}: C:\Program Files\HDVid Web Player\HDVidFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 21:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM\idmmzcc5

[2011/04/25 12:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Extensions
[2012/03/01 18:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions
[2012/02/11 22:57:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/01 18:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions\staged
[2011/08/31 11:26:22 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\conduit.xml
[2011/05/15 10:11:24 | 000,002,532 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\speedbit.xml
[2012/02/10 13:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/17 21:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/28 16:22:01 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINXP\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1313618912328 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95B36804-FAE4-490E-83D4-F4F84D72B9F3}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/26 15:51:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 16:15:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 16:13:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2012/02/28 16:13:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2012/02/28 16:13:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2012/02/28 16:13:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2012/02/28 16:13:29 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2012/02/28 16:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 16:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris.CHOUSE\Start Menu\Programs\Administrative Tools
[2012/02/28 16:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Favorites
[2012/02/28 15:58:02 | 004,420,957 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/27 17:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Malwarebytes
[2012/02/27 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 17:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
[2012/02/27 17:54:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012/02/27 17:41:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/24 17:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\PCHealth
[2012/02/22 22:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\My Documents\Outlook Files
[2012/02/22 21:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BoxeeBrowser
[2012/02/22 21:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/22 21:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Start Menu\Programs\Boxee
[2012/02/22 21:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Boxee
[2012/02/20 15:22:46 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\PC Tools
[2012/02/20 14:36:49 | 000,000,000 | ---D | C] -- C:\WINXP\CSC
[2012/02/15 22:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\SharePoint
[2012/02/15 22:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/02/15 22:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Microsoft
[2012/02/15 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/15 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
[2012/02/15 22:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
[2012/02/14 18:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Free Video Joiner
[2012/02/14 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2012/02/12 18:26:17 | 000,000,000 | ---D | C] -- C:\android
[2012/02/12 15:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2012/02/12 15:32:50 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/02/12 15:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/10 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/10 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\D-Link
[2012/02/10 12:27:01 | 000,000,000 | ---D | C] -- C:\WINXP\pcidevice
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Real
[2012/02/04 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\calibre - E-book Management
[2012/02/04 11:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
[2012/02/04 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Kobo
[2012/02/04 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2012/02/01 16:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\.shsh
[2012/01/31 21:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Premiumplay Codec-C
[2012/01/31 21:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012/01/31 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DivX
[2012/01/31 21:36:52 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/01/31 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2012/01/31 21:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate

========== Files - Modified Within 30 Days ==========

[2012/03/01 18:29:31 | 000,000,418 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/03/01 18:25:58 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/03/01 18:25:56 | 000,096,939 | ---- | M] () -- C:\WINXP\System32\nvModes.001
[2012/03/01 18:25:47 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoSweep.job
[2012/03/01 18:25:26 | 000,185,128 | ---- | M] () -- C:\WINXP\System32\nvapps.xml
[2012/03/01 18:25:21 | 000,000,280 | ---- | M] () -- C:\WINXP\tasks\SmartDefrag_Startup.job
[2012/03/01 18:25:19 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/03/01 07:32:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ui2mol3l.exe
[2012/02/29 21:02:05 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:00:49 | 000,000,292 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoUpdate.job
[2012/02/28 16:22:01 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/28 16:16:01 | 000,000,335 | RHS- | M] () -- C:\boot.ini
[2012/02/28 15:58:30 | 004,420,957 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/26 09:01:30 | 000,096,939 | ---- | M] () -- C:\WINXP\System32\nvModes.dat
[2012/02/25 11:29:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/02/24 17:01:30 | 000,294,864 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/02/24 17:00:32 | 000,000,288 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoCare.job
[2012/02/24 16:34:36 | 000,497,268 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/02/24 16:34:36 | 000,085,586 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/02/24 16:32:26 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:57:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/15 22:41:30 | 000,000,219 | ---- | M] () -- C:\Boot.bak
[2012/02/12 18:57:00 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/10 13:33:51 | 000,000,898 | ---- | M] () -- C:\user.js
[2012/02/10 13:23:46 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:38 | 000,376,832 | ---- | M] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/10 12:27:13 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/04 11:42:59 | 000,000,033 | ---- | M] () -- C:\affiliate.conf
[2012/02/01 17:05:41 | 000,000,792 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts.umbrella

========== Files Created - No Company Name ==========

[2012/03/01 07:32:31 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ui2mol3l.exe
[2012/02/28 16:16:01 | 000,000,219 | ---- | C] () -- C:\Boot.bak
[2012/02/28 16:15:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/28 16:13:35 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2012/02/28 16:13:35 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2012/02/28 16:13:35 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2012/02/28 16:13:35 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2012/02/28 16:13:35 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\dllcache\iacenc.dll
[2012/02/20 14:57:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/12 18:57:00 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/12 15:32:39 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/02/10 13:23:46 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:13 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\wlndis50.sys
[2012/02/10 12:27:13 | 000,010,667 | ---- | C] () -- C:\WINXP\System32\wlndis50.cat
[2012/02/10 12:27:13 | 000,001,593 | ---- | C] () -- C:\WINXP\System32\wlndis50.inf
[2012/02/10 12:27:13 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/10 12:24:33 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/04 11:42:59 | 000,000,033 | ---- | C] () -- C:\affiliate.conf
[2012/02/02 21:37:24 | 000,000,898 | ---- | C] () -- C:\user.js
[2012/01/15 12:08:03 | 000,014,776 | ---- | C] () -- C:\WINXP\System32\drivers\SmartDefragDriver.sys
[2012/01/03 01:28:06 | 002,570,286 | ---- | C] () -- C:\WINXP\System32\abgx360.exe
[2011/12/29 08:50:44 | 000,000,337 | ---- | C] () -- C:\WINXP\lgfwup.ini
[2011/12/07 20:12:28 | 000,000,233 | ---- | C] () -- C:\WINXP\Brpfx04a.ini
[2011/12/07 20:12:28 | 000,000,093 | ---- | C] () -- C:\WINXP\brpcfx.ini
[2011/12/07 20:12:12 | 000,003,302 | ---- | C] () -- C:\WINXP\BRPARAM.INI
[2011/12/07 20:11:14 | 000,000,000 | ---- | C] () -- C:\WINXP\brdfxspd.dat
[2011/12/07 20:11:07 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\BRTCPCON.DLL
[2011/12/07 20:11:03 | 000,000,114 | ---- | C] () -- C:\WINXP\System32\BRLMW03A.INI
[2011/12/05 17:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\winscp.rnd
[2011/10/12 20:47:07 | 000,175,616 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2011/09/13 23:59:31 | 000,259,584 | ---- | C] () -- C:\WINXP\System32\TomsMoComp_ff.dll
[2011/09/13 23:59:31 | 000,251,904 | ---- | C] () -- C:\WINXP\System32\ff_kernelDeint.dll
[2011/09/13 23:59:31 | 000,136,704 | ---- | C] () -- C:\WINXP\System32\libmpeg2_ff.dll
[2011/09/13 23:59:30 | 003,872,256 | ---- | C] () -- C:\WINXP\System32\ffmpeg.dll
[2011/09/13 23:59:30 | 001,524,224 | ---- | C] () -- C:\WINXP\System32\ff_samplerate.dll
[2011/09/13 23:59:30 | 001,175,371 | ---- | C] () -- C:\WINXP\System32\unins000.exe
[2011/09/13 23:59:30 | 000,327,680 | ---- | C] () -- C:\WINXP\System32\ff_libfaad2.dll
[2011/09/13 23:59:30 | 000,211,456 | ---- | C] () -- C:\WINXP\System32\ff_libdts.dll
[2011/09/13 23:59:30 | 000,158,208 | ---- | C] () -- C:\WINXP\System32\ff_unrar.dll
[2011/09/13 23:59:30 | 000,145,920 | ---- | C] () -- C:\WINXP\System32\ff_libmad.dll
[2011/09/13 23:59:30 | 000,113,664 | ---- | C] () -- C:\WINXP\System32\ff_liba52.dll
[2011/09/13 23:59:30 | 000,045,965 | ---- | C] () -- C:\WINXP\System32\unins000.dat
[2011/09/13 23:52:31 | 000,917,504 | ---- | C] () -- C:\WINXP\System32\dtsdecoderdll.dll
[2011/09/13 23:52:31 | 000,258,048 | ---- | C] () -- C:\WINXP\System32\libFLAC.dll
[2011/09/12 23:00:50 | 001,097,728 | ---- | C] () -- C:\WINXP\System32\vorbis.dll
[2011/09/12 23:00:50 | 000,909,312 | ---- | C] () -- C:\WINXP\System32\vorbisenc.dll
[2011/09/12 23:00:50 | 000,237,568 | ---- | C] () -- C:\WINXP\System32\OggDS.dll
[2011/09/12 23:00:50 | 000,036,734 | ---- | C] () -- C:\WINXP\System32\OggDSuninst.exe
[2011/09/12 23:00:50 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\ogg.dll
[2011/09/10 00:13:04 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/07/27 14:20:41 | 000,018,440 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011/07/25 16:21:05 | 000,451,072 | ---- | C] () -- C:\WINXP\System32\ISSRemoveSP.exe
[2011/07/25 16:18:48 | 000,016,480 | ---- | C] () -- C:\WINXP\System32\rixdicon.dll
[2011/07/25 16:15:56 | 000,010,084 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2011/07/25 16:14:53 | 000,096,939 | ---- | C] () -- C:\WINXP\System32\nvModes.dat
[2011/07/15 14:38:06 | 000,000,016 | ---- | C] () -- C:\WINXP\System32\PCProxyOff.ini
[2011/07/15 13:37:03 | 000,032,256 | ---- | C] () -- C:\WINXP\System32\AVSredirect.dll
[2011/07/15 13:32:48 | 000,107,520 | RHS- | C] () -- C:\WINXP\System32\TAKDSDecoder.dll
[2011/05/20 14:27:09 | 000,000,094 | ---- | C] () -- C:\WINXP\awshkwv.ini
[2011/05/15 10:00:33 | 000,109,216 | ---- | C] () -- C:\WINXP\System32\EasyHook64.dll
[2011/05/15 10:00:33 | 000,090,784 | ---- | C] () -- C:\WINXP\System32\EasyHook32.dll
[2011/04/30 13:21:56 | 000,000,066 | ---- | C] () -- C:\WINXP\wininit.ini
[2011/04/25 23:42:01 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 20:57:18 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\drivers\WLNdis50.sys
[2011/04/25 12:47:28 | 000,000,050 | ---- | C] () -- C:\WINXP\MegaManager.INI
[2011/04/25 12:27:49 | 000,073,728 | ---- | C] () -- C:\WINXP\VMInstNT.exe
[2011/04/25 12:27:49 | 000,040,960 | ---- | C] () -- C:\WINXP\VM303UninstNT.exe
[2011/04/25 11:46:29 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/04/25 11:39:25 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/04/25 05:28:09 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/04/25 05:26:40 | 000,294,864 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011/03/18 08:08:17 | 000,415,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2011/12/07 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\ControlCenter4
[2011/10/11 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\EasyMP3Downloader
[2011/05/01 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\FileServe Limited
[2012/01/15 11:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Innovative Solutions
[2012/02/10 13:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2011/08/24 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit
[2011/12/29 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LightScribe
[2011/11/30 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MumboJumbo
[2012/01/31 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2011/09/11 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RapidSolution
[2012/01/15 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\SpeedBit
[2011/05/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\vsosdk
[2011/06/03 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/25 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/04 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\abgx360
[2011/12/12 07:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\AppKeys
[2011/06/04 08:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BabylonToolbar
[2012/02/28 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/22 21:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/01/12 17:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ControlCenter4
[2012/01/23 17:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DMCache
[2011/12/29 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoft
[2011/10/14 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers
[2011/10/11 16:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\EasyMP3Downloader
[2011/04/26 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ElevatedDiagnostics
[2011/11/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ezNZB
[2011/10/13 19:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Garmin
[2011/09/12 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\GetRightToGo
[2012/01/23 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM
[2011/04/25 13:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ImgBurn
[2011/10/25 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IObit
[2012/02/12 15:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2011/07/25 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leadertech
[2011/10/12 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leawo
[2011/09/12 22:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\mkvtoolnix
[2011/06/26 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Nicalis
[2012/01/23 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenCandy
[2011/05/13 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenOffice.org
[2012/01/24 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Orbit
[2011/05/31 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\PokerCreations
[2012/01/23 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ProgSense
[2011/12/31 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\redsn0w
[2011/06/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Rovio
[2011/12/11 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ShoppingDaisy
[2011/04/30 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\TeamViewer
[2011/09/11 07:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Tunebite
[2011/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\UFC Poker
[2012/01/13 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Vso
[2012/01/18 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Xilisoft
[2012/02/24 17:00:32 | 000,000,288 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoCare.job
[2012/03/01 18:25:47 | 000,000,290 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoSweep.job
[2012/02/29 17:00:49 | 000,000,292 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoUpdate.job
[2012/03/01 18:25:21 | 000,000,280 | ---- | M] () -- C:\WINXP\Tasks\SmartDefrag_Startup.job
[2012/03/01 18:29:31 | 000,000,418 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job

========== Purity Check ==========



< End of report >

Edited by Chouse28, 02 March 2012 - 07:23 AM.

#19
Chouse28

    Member

  • Topic Starter
GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-01 22:53:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD25 rev.01.0
Running: ui2mol3l.exe; Driver: C:\DOCUME~1\CHRIS~1.CHO\LOCALS~1\Temp\kwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT AA02DEC4 ZwClose
SSDT AA02DE7E ZwCreateKey
SSDT AA02DECE ZwCreateSection
SSDT AA02DE74 ZwCreateThread
SSDT AA02DE83 ZwDeleteKey
SSDT AA02DE8D ZwDeleteValueKey
SSDT AA02DEBF ZwDuplicateObject
SSDT AA02DE92 ZwLoadKey
SSDT AA02DE60 ZwOpenProcess
SSDT AA02DE65 ZwOpenThread
SSDT AA02DE9C ZwReplaceKey
SSDT AA02DE97 ZwRestoreKey
SSDT AA02DED3 ZwSetContextThread
SSDT AA02DE88 ZwSetValueKey
SSDT AA02DE6F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINXP\system32\DRIVERS\nv4_mini.sys section is writeable [0xB957B380, 0x380DFD, 0xE8000020]

---- EOF - GMER 1.0.15 ----

Edited by Chouse28, 02 March 2012 - 07:21 AM.

#20
maliprog

    Trusted Helper

  • Malware Removal
Hi Chouse28,

Looks like there are still leftovers that are causing us this mess. We'll try to remove them now. Test Firefox after this fix and let me know the results.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::

Firefox::
FF - ProfilePath - c:\documents and settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\
FF - prefs.js: browser.search.defaulturl -
FF - user.js: extensions.incredibar_i.newTab -
FF - user.js: extensions.incredibar_i.tlbrSrchUrl -
FF - user.js: extensions.incredibar_i.id -
FF - user.js: extensions.incredibar_i.hardId -
FF - user.js: extensions.incredibar_i.instlDay -
FF - user.js: extensions.incredibar_i.vrsn -
FF - user.js: extensions.incredibar_i.vrsni -
FF - user.js: extensions.incredibar_i.vrsnTs -
FF - user.js: extensions.incredibar_i.prtnrId -
FF - user.js: extensions.incredibar_i.prdct -
FF - user.js: extensions.incredibar_i.aflt -
FF - user.js: extensions.incredibar_i.smplGrp -
FF - user.js: extensions.incredibar_i.tlbrId -
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr -
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 -
FF - user.js: extensions.incredibar_i.upn2n -
FF - user.js: extensions.incredibar_i.productid -
FF - user.js: extensions.incredibar_i.installerproductid -
FF - user.js: extensions.incredibar_i.did -
FF - user.js: extensions.incredibar_i.ppd -


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
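
A way to check for the leftover preferences that the CFScript above lists, as an added example that is not part of the original post and is not ComboFix's own logic: it scans the text of a Firefox user.js or prefs.js for `extensions.incredibar_i.*` and `browser.search.defaulturl` entries and returns the findings plus the text with those lines dropped, without modifying any file. The sample file content, its values, and the function names are constructed for illustration.

```python
import re

# Preference names targeted by the helper's CFScript (taken from the post above).
TARGET_PREFIX = "extensions.incredibar_i."      # trailing dot is part of the prefix
TARGET_EXACT = {"browser.search.defaulturl"}

# One Firefox preference statement: user_pref("name", value);  (pref(...) also accepted)
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample; names on lines 3-5 come from the thread, all values are placeholders.
SAMPLE_USER_JS = '''\
// Constructed sample for illustration only.
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://search.example.invalid/?q=");
user_pref("browser.search.defaulturl", "http://search.example.invalid/?q=");
// user_pref("extensions.incredibar_i.id", "commented out, so not active");
user_pref("extensions.incredibar_info.enabled", true);
'''


def is_target(name):
    """True if the preference name is one the CFScript asks to be removed."""
    return name.startswith(TARGET_PREFIX) or name in TARGET_EXACT


def audit_prefs(text):
    """Scan preference-file text.

    Returns (findings, cleaned_text):
      findings     - list of (line_number, pref_name, raw_value) for active target prefs
      cleaned_text - the input with those lines removed; comments and other prefs kept
    """
    findings, kept = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = PREF_RE.match(line)
        if match and is_target(match.group(1)):
            findings.append((lineno, match.group(1), match.group(2)))
        else:
            kept.append(line)
    cleaned = "\n".join(kept) + ("\n" if kept else "")
    return findings, cleaned


if __name__ == "__main__":
    import sys

    # Pass a path to user.js or prefs.js, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            source = handle.read()
    else:
        source = SAMPLE_USER_JS

    hits, _ = audit_prefs(source)
    for lineno, name, value in hits:
        print(f"line {lineno}: {name} = {value}")
    print(f"{len(hits)} leftover preference(s) found")
```

Running it against the profile's files before and after the ComboFix pass shows whether the listed entries are really gone; a commented-out line is reported as inactive and left alone.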

#21
Chouse28

    Member

  • Topic Starter
Combofix Log:

ComboFix 12-02-27.02 - Chris 02/03/2012 16:38:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1381 [GMT -6:00]
Running from: c:\documents and settings\Chris.CHOUSE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris.CHOUSE\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-02-27 23:54 . 2012-02-27 23:54 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\Malwarebytes
2012-02-27 23:54 . 2012-02-27 23:54 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Malwarebytes
2012-02-27 23:54 . 2011-12-10 21:24 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys
2012-02-27 23:41 . 2012-02-27 23:41 -------- d-----w- C:\_OTL
2012-02-26 02:16 . 2007-08-23 22:45 307200 ----a-w- c:\winxp\system32\nvexpbar.dll
2012-02-24 23:05 . 2012-02-24 23:05 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\PCHealth
2012-02-24 15:03 . 2012-01-11 19:06 3072 -c----w- c:\winxp\system32\dllcache\iacenc.dll
2012-02-24 15:03 . 2012-01-11 19:06 3072 ------w- c:\winxp\system32\iacenc.dll
2012-02-23 03:33 . 2012-02-23 03:34 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\BoxeeBrowser
2012-02-23 03:29 . 2012-02-23 03:29 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\BOXEE
2012-02-23 03:28 . 2012-02-23 03:29 -------- d-----w- c:\program files\Boxee
2012-02-20 20:37 . 2012-02-20 20:37 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\PC Tools
2012-02-16 04:38 . 2012-02-16 04:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\documents and settings\All Users.WINXP\Microsoft
2012-02-16 04:34 . 2012-02-16 04:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-02-16 04:33 . 2012-02-16 04:33 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
2012-02-16 04:32 . 2012-02-16 04:44 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Microsoft Help
2012-02-15 00:01 . 2012-02-15 03:55 -------- d-----w- c:\program files\Free Video Joiner
2012-02-13 00:26 . 2012-02-13 00:30 -------- d-----w- C:\android
2012-02-12 21:33 . 2012-02-12 21:33 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\Jason Robitaille
2012-02-12 21:32 . 2012-02-25 20:53 -------- d-----w- c:\winxp\system32\LogFiles
2012-02-12 21:31 . 2011-03-15 22:35 581192 ----a-w- c:\winxp\system32\WinUSBCoInstaller.dll
2012-02-12 21:31 . 2011-03-15 22:35 1112288 ----a-w- c:\winxp\system32\WdfCoInstaller01007.dll
2012-02-12 21:31 . 2012-02-13 00:50 -------- d-----w- c:\program files\Palm, Inc
2012-02-10 19:22 . 2012-02-29 05:23 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\BitTorrent
2012-02-10 19:22 . 2012-02-10 19:22 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
2012-02-10 18:27 . 2012-02-10 18:27 21361 ----a-w- c:\winxp\system32\drivers\AegisP.sys
2012-02-10 18:27 . 2008-02-27 16:54 20480 ----a-w- c:\winxp\system32\wlndis50.sys
2012-02-10 18:27 . 2012-02-10 18:27 -------- d-----w- c:\winxp\pcidevice
2012-02-10 18:27 . 2009-08-06 04:23 588032 ----a-w- c:\winxp\system32\drivers\RTL8192su.sys
2012-02-10 18:24 . 2012-02-10 18:27 376832 ----a-w- c:\winxp\system32\AegisI5Installer.exe
2012-02-09 21:45 . 2012-02-10 17:31 -------- d-----w- c:\program files\Real
2012-02-04 17:52 . 2012-02-04 17:54 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\calibre
2012-02-04 17:52 . 2012-02-29 23:34 -------- d-----w- c:\program files\Calibre2
2012-02-04 17:42 . 2012-02-04 17:42 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
2012-02-04 17:41 . 2012-02-04 17:42 -------- d-----w- c:\program files\Kobo
2012-02-03 03:37 . 2012-02-10 19:33 898 ----a-w- C:\user.js
2012-02-01 22:55 . 2012-02-01 22:55 -------- d-----w- c:\documents and settings\Chris.CHOUSE\.shsh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:53 . 2011-07-25 22:10 16400 ----a-w- c:\winxp\system32\drivers\LNonPnP.sys
2012-02-10 16:15 . 2011-02-26 22:14 822272 ----a-w- c:\winxp\system32\drivers\BCMWL5.SYS
2012-01-12 16:54 . 2010-12-14 16:18 1869056 ----a-w- c:\winxp\system32\win32k.sys
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\winxp\system32\abgx360.exe
2011-12-29 14:52 . 2011-12-29 14:48 16384 ----a-w- c:\winxp\system32\lgfwunis.exe
2011-12-20 02:46 . 2011-12-20 02:46 37376 ----a-w- c:\winxp\system32\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 21504 ----a-w- c:\winxp\system32\drivers\libusb0.sys
2011-12-17 19:45 . 2010-12-14 16:19 919552 ----a-w- c:\winxp\system32\wininet.dll
2011-12-17 19:45 . 2010-12-14 16:19 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2011-12-17 19:45 . 2010-12-14 16:19 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2011-12-16 23:21 . 2012-01-15 18:08 29016 ----a-w- c:\winxp\system32\SmartDefragBootTime.exe
2011-12-16 12:32 . 2010-12-14 16:19 385024 ----a-w- c:\winxp\system32\html.iec
2012-02-18 03:07 . 2012-02-10 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 18:06 163328 --sha-r- c:\winxp\system32\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\winxp\system32\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\winxp\system32\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\winxp\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.22.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-02 22:32 . 2012-03-02 22:32 16384 c:\winxp\Temp\Perflib_Perfdata_144.dat
+ 2011-07-25 22:14 . 2012-03-02 00:41 27839 c:\winxp\system32\nvModes.dat
+ 2012-02-29 23:34 . 2012-02-29 23:34 813568 c:\winxp\Installer\3443a2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-08-09 373080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2008-08-20 13537280]
"nwiz"="nwiz.exe" [2008-08-20 1630208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2012-2-10 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Chris.CHOUSE^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Chris.CHOUSE\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\winxp\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 22:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 00:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-06-20 21:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2011-08-09 22:45 373080 ----a-w- c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Chris.CHOUSE\\Desktop\\Programs\\redsn0w_win_0.9.10b1\\redsn0w.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 SmartDefragDriver;SmartDefragDriver;c:\winxp\system32\drivers\SmartDefragDriver.sys [15/01/2012 12:08 PM 14776]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15/01/2012 12:00 PM 328536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2011 4:19 PM 136360]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24/08/2011 5:39 PM 820568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winxp\system32\drivers\LBeepKE.sys [25/07/2011 4:10 PM 12184]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [15/03/2011 4:35 PM 61440]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\winxp\system32\drivers\WLNdis50.sys [25/04/2011 8:57 PM 20480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\winxp\system32\drivers\RTL8192su.sys [10/02/2012 12:27 PM 588032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [10/02/2012 12:27 PM 167936]
S3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\winxp\system32\drivers\dwarusb.sys [24/04/2011 1:22 PM 592384]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [07/12/2011 8:11 PM 245760]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/02/2011 4:14 PM 193840]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\winxp\system32\drivers\libusb0.sys [19/12/2011 8:46 PM 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 5:51 PM 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\winxp\system32\drivers\netaapl.sys [15/10/2011 9:31 AM 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 8:37 PM 4640000]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24/08/2011 5:39 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24/08/2011 5:39 PM 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\winxp\system32\svchost.exe -k WINRM [14/04/2008 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24/08/2011 5:39 PM 239600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 21:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-02-24 c:\winxp\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2012-01-15 22:38]
.
2012-03-02 c:\winxp\Tasks\ASC4_AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2012-01-15 22:38]
.
2012-02-29 c:\winxp\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2012-01-15 22:38]
.
2012-03-02 c:\winxp\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-24 20:26]
.
2012-03-02 c:\winxp\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
- c:\winxp\system32\msfeedssync.exe [2008-04-14 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 16:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1228)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(436)
c:\winxp\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
c:\winxp\system32\WindowsPowerShell\v1.0\pwrshsip.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
Completion time: 2012-03-02 16:49:58
ComboFix-quarantined-files.txt 2012-03-02 22:49
ComboFix2.txt 2012-02-28 22:24
.
Pre-Run: 4,925,579,264 bytes free
Post-Run: 4,902,313,984 bytes free
.
- - End Of File - - 956699D583B3969D48986102709D9549

#22
Chouse28

    Member

  • Topic Starter
  • 27 posts
I just did a Google search again, and it is still searching with MyStart.

This seems to be a bugger to get rid of. Do you have any more ideas?

I appreciate your help!

#23
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to uninstall Firefox from your system? Make sure to save all favorites and passwords.

Download a new copy of Firefox and install it. This should help. Let me know the results.

#24
Chouse28

    Member

  • Topic Starter
  • 27 posts
Unfortunately that did not work either :(

#25
Chouse28

    Member

  • Topic Starter
  • 27 posts
It almost seems, after I run OTL and ComboFix, that Firefox is faster, but as soon as I try to do a search, it gets bogged down again. Is it possible that every time I test to see if MyStart is gone and it isn't, that it puts whatever is causing it back on my computer? It may not be the case at all, but that is what I have observed.

Is it weird that when I use the Google search in the top right corner of Firefox, it actually uses Google, but when I use the main Google search when Firefox opens, it uses MyStart?

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Thank you for that info. I have one idea what to do next.

Run OTL again

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

C:\Program Files\Common Files\ComObjects\*.* /s

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me.


#27
Chouse28

    Member

  • Topic Starter
  • 27 posts
OTL Log:

OTL logfile created on: 03/03/2012 6:28:38 PM - Run 4
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Chris.CHOUSE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 76.02% Memory free
3.78 Gb Paging File | 3.39 Gb Available in Paging File | 89.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 4.46 Gb Free Space | 7.61% Space Free | Partition Type: NTFS
Drive D: | 174.28 Gb Total Space | 152.82 Gb Free Space | 87.69% Space Free | Partition Type: NTFS

Computer Name: CHOUSE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
PRC - [2011/08/09 16:45:54 | 000,373,080 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/06 16:34:26 | 000,221,184 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
MOD - [2009/03/24 14:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanSup.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/23 11:54:34 | 000,212,992 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanCtl.dll
MOD - [2008/06/27 10:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWps.dll
MOD - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINXP\system32\msdmo.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 01:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 10:15:15 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/12/19 20:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/01 08:08:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:08:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/07 06:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/05/24 17:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/30 06:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 06:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 05:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/04 18:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 18:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/12/09 11:00:50 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/11 09:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FileServe"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: " http://www.google.co...m.my/search?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXP\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ef7f254-8bcc-48d6-b1bb-980964a775d0}: C:\Program Files\HDVid Web Player\HDVidFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/03 07:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM\idmmzcc5

[2011/04/25 12:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Extensions
[2012/03/01 21:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions
[2012/03/01 21:20:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/31 11:26:22 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\conduit.xml
[2011/05/15 10:11:24 | 000,002,532 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\speedbit.xml
[2012/03/03 07:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/16 08:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 04:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 04:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/28 16:22:01 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINXP\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1313618912328 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95B36804-FAE4-490E-83D4-F4F84D72B9F3}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/26 15:51:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 07:28:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/01 18:41:29 | 000,000,000 | ---D | C] -- C:\WINXP\Minidump
[2012/02/28 16:15:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 16:13:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2012/02/28 16:13:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2012/02/28 16:13:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2012/02/28 16:13:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2012/02/28 16:13:29 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2012/02/28 16:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 16:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris.CHOUSE\Start Menu\Programs\Administrative Tools
[2012/02/28 16:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Favorites
[2012/02/28 15:58:02 | 004,420,957 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/27 17:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Malwarebytes
[2012/02/27 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 17:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
[2012/02/27 17:54:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012/02/27 17:41:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/24 17:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\PCHealth
[2012/02/22 22:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\My Documents\Outlook Files
[2012/02/22 21:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BoxeeBrowser
[2012/02/22 21:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/22 21:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Start Menu\Programs\Boxee
[2012/02/22 21:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Boxee
[2012/02/20 15:22:46 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\PC Tools
[2012/02/20 14:36:49 | 000,000,000 | ---D | C] -- C:\WINXP\CSC
[2012/02/15 22:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\SharePoint
[2012/02/15 22:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/02/15 22:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Microsoft
[2012/02/15 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/15 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
[2012/02/15 22:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
[2012/02/14 18:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Free Video Joiner
[2012/02/14 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2012/02/12 18:26:17 | 000,000,000 | ---D | C] -- C:\android
[2012/02/12 15:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2012/02/12 15:32:50 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/02/12 15:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/10 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/10 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\D-Link
[2012/02/10 12:27:01 | 000,000,000 | ---D | C] -- C:\WINXP\pcidevice
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Real
[2012/02/04 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\calibre - E-book Management
[2012/02/04 11:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
[2012/02/04 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Kobo
[2012/02/04 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo

========== Files - Modified Within 30 Days ==========

[2012/03/03 18:25:29 | 000,000,418 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/03/03 17:30:00 | 000,000,292 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoUpdate.job
[2012/03/03 14:10:38 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/03 11:57:41 | 000,084,412 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\My Documents\elle.jpg
[2012/03/03 11:29:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/03/03 07:29:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/03 07:29:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/03/03 07:24:21 | 000,000,280 | ---- | M] () -- C:\WINXP\tasks\SmartDefrag_Startup.job
[2012/03/03 07:24:19 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/03/03 07:24:18 | 000,027,839 | ---- | M] () -- C:\WINXP\System32\nvModes.001
[2012/03/03 07:24:03 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoSweep.job
[2012/03/03 07:23:53 | 000,185,128 | ---- | M] () -- C:\WINXP\System32\nvapps.xml
[2012/03/03 07:23:46 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/03/02 17:00:06 | 000,000,288 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoCare.job
[2012/03/01 18:41:49 | 000,027,839 | ---- | M] () -- C:\WINXP\System32\nvModes.dat
[2012/03/01 07:32:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ui2mol3l.exe
[2012/02/28 16:22:01 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/28 16:16:01 | 000,000,335 | RHS- | M] () -- C:\boot.ini
[2012/02/28 15:58:30 | 004,420,957 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/24 17:01:30 | 000,294,864 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/02/24 16:34:36 | 000,497,268 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/02/24 16:34:36 | 000,085,586 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/02/24 16:32:26 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:57:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/15 22:41:30 | 000,000,219 | ---- | M] () -- C:\Boot.bak
[2012/02/12 18:57:00 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/10 13:33:51 | 000,000,898 | ---- | M] () -- C:\user.js
[2012/02/10 13:23:46 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 12:27:38 | 000,376,832 | ---- | M] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/10 12:27:13 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/04 11:42:59 | 000,000,033 | ---- | M] () -- C:\affiliate.conf

========== Files Created - No Company Name ==========

[2012/03/03 11:57:39 | 000,084,412 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\My Documents\elle.jpg
[2012/03/03 07:29:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/03 07:29:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/03 07:29:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/03/01 07:32:31 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ui2mol3l.exe
[2012/02/28 16:16:01 | 000,000,219 | ---- | C] () -- C:\Boot.bak
[2012/02/28 16:15:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/28 16:13:35 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2012/02/28 16:13:35 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2012/02/28 16:13:35 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2012/02/28 16:13:35 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2012/02/28 16:13:35 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\dllcache\iacenc.dll
[2012/02/20 14:57:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/12 18:57:00 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/12 15:32:39 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/02/10 13:23:46 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 12:27:13 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\wlndis50.sys
[2012/02/10 12:27:13 | 000,010,667 | ---- | C] () -- C:\WINXP\System32\wlndis50.cat
[2012/02/10 12:27:13 | 000,001,593 | ---- | C] () -- C:\WINXP\System32\wlndis50.inf
[2012/02/10 12:27:13 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/10 12:24:33 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/04 11:42:59 | 000,000,033 | ---- | C] () -- C:\affiliate.conf
[2012/02/02 21:37:24 | 000,000,898 | ---- | C] () -- C:\user.js
[2012/01/15 12:08:03 | 000,014,776 | ---- | C] () -- C:\WINXP\System32\drivers\SmartDefragDriver.sys
[2012/01/03 01:28:06 | 002,570,286 | ---- | C] () -- C:\WINXP\System32\abgx360.exe
[2011/12/29 08:50:44 | 000,000,337 | ---- | C] () -- C:\WINXP\lgfwup.ini
[2011/12/07 20:12:28 | 000,000,233 | ---- | C] () -- C:\WINXP\Brpfx04a.ini
[2011/12/07 20:12:28 | 000,000,093 | ---- | C] () -- C:\WINXP\brpcfx.ini
[2011/12/07 20:12:12 | 000,003,302 | ---- | C] () -- C:\WINXP\BRPARAM.INI
[2011/12/07 20:11:14 | 000,000,000 | ---- | C] () -- C:\WINXP\brdfxspd.dat
[2011/12/07 20:11:07 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\BRTCPCON.DLL
[2011/12/07 20:11:03 | 000,000,114 | ---- | C] () -- C:\WINXP\System32\BRLMW03A.INI
[2011/12/05 17:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\winscp.rnd
[2011/10/12 20:47:07 | 000,175,616 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2011/09/13 23:59:31 | 000,259,584 | ---- | C] () -- C:\WINXP\System32\TomsMoComp_ff.dll
[2011/09/13 23:59:31 | 000,251,904 | ---- | C] () -- C:\WINXP\System32\ff_kernelDeint.dll
[2011/09/13 23:59:31 | 000,136,704 | ---- | C] () -- C:\WINXP\System32\libmpeg2_ff.dll
[2011/09/13 23:59:30 | 003,872,256 | ---- | C] () -- C:\WINXP\System32\ffmpeg.dll
[2011/09/13 23:59:30 | 001,524,224 | ---- | C] () -- C:\WINXP\System32\ff_samplerate.dll
[2011/09/13 23:59:30 | 001,175,371 | ---- | C] () -- C:\WINXP\System32\unins000.exe
[2011/09/13 23:59:30 | 000,327,680 | ---- | C] () -- C:\WINXP\System32\ff_libfaad2.dll
[2011/09/13 23:59:30 | 000,211,456 | ---- | C] () -- C:\WINXP\System32\ff_libdts.dll
[2011/09/13 23:59:30 | 000,158,208 | ---- | C] () -- C:\WINXP\System32\ff_unrar.dll
[2011/09/13 23:59:30 | 000,145,920 | ---- | C] () -- C:\WINXP\System32\ff_libmad.dll
[2011/09/13 23:59:30 | 000,113,664 | ---- | C] () -- C:\WINXP\System32\ff_liba52.dll
[2011/09/13 23:59:30 | 000,045,965 | ---- | C] () -- C:\WINXP\System32\unins000.dat
[2011/09/13 23:52:31 | 000,917,504 | ---- | C] () -- C:\WINXP\System32\dtsdecoderdll.dll
[2011/09/13 23:52:31 | 000,258,048 | ---- | C] () -- C:\WINXP\System32\libFLAC.dll
[2011/09/12 23:00:50 | 001,097,728 | ---- | C] () -- C:\WINXP\System32\vorbis.dll
[2011/09/12 23:00:50 | 000,909,312 | ---- | C] () -- C:\WINXP\System32\vorbisenc.dll
[2011/09/12 23:00:50 | 000,237,568 | ---- | C] () -- C:\WINXP\System32\OggDS.dll
[2011/09/12 23:00:50 | 000,036,734 | ---- | C] () -- C:\WINXP\System32\OggDSuninst.exe
[2011/09/12 23:00:50 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\ogg.dll
[2011/09/10 00:13:04 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/07/27 14:20:41 | 000,018,440 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011/07/25 16:21:05 | 000,451,072 | ---- | C] () -- C:\WINXP\System32\ISSRemoveSP.exe
[2011/07/25 16:18:48 | 000,016,480 | ---- | C] () -- C:\WINXP\System32\rixdicon.dll
[2011/07/25 16:15:56 | 000,010,084 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2011/07/25 16:14:53 | 000,027,839 | ---- | C] () -- C:\WINXP\System32\nvModes.dat
[2011/07/15 14:38:06 | 000,000,016 | ---- | C] () -- C:\WINXP\System32\PCProxyOff.ini
[2011/07/15 13:37:03 | 000,032,256 | ---- | C] () -- C:\WINXP\System32\AVSredirect.dll
[2011/07/15 13:32:48 | 000,107,520 | RHS- | C] () -- C:\WINXP\System32\TAKDSDecoder.dll
[2011/05/20 14:27:09 | 000,000,094 | ---- | C] () -- C:\WINXP\awshkwv.ini
[2011/05/15 10:00:33 | 000,109,216 | ---- | C] () -- C:\WINXP\System32\EasyHook64.dll
[2011/05/15 10:00:33 | 000,090,784 | ---- | C] () -- C:\WINXP\System32\EasyHook32.dll
[2011/04/30 13:21:56 | 000,000,066 | ---- | C] () -- C:\WINXP\wininit.ini
[2011/04/25 23:42:01 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 20:57:18 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\drivers\WLNdis50.sys
[2011/04/25 12:47:28 | 000,000,050 | ---- | C] () -- C:\WINXP\MegaManager.INI
[2011/04/25 12:27:49 | 000,073,728 | ---- | C] () -- C:\WINXP\VMInstNT.exe
[2011/04/25 12:27:49 | 000,040,960 | ---- | C] () -- C:\WINXP\VM303UninstNT.exe
[2011/04/25 11:46:29 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/04/25 11:39:25 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/04/25 05:28:09 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/04/25 05:26:40 | 000,294,864 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011/03/18 08:08:17 | 000,415,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2011/12/07 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\ControlCenter4
[2011/10/11 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\EasyMP3Downloader
[2011/05/01 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\FileServe Limited
[2012/01/15 11:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Innovative Solutions
[2012/02/10 13:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2011/08/24 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit
[2011/12/29 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LightScribe
[2011/11/30 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MumboJumbo
[2012/01/31 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2011/09/11 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RapidSolution
[2012/01/15 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\SpeedBit
[2011/05/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\vsosdk
[2011/06/03 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/25 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/04 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\abgx360
[2011/12/12 07:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\AppKeys
[2011/06/04 08:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BabylonToolbar
[2012/02/28 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/22 21:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/01/12 17:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ControlCenter4
[2012/01/23 17:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DMCache
[2011/12/29 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoft
[2011/10/14 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers
[2011/10/11 16:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\EasyMP3Downloader
[2011/04/26 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ElevatedDiagnostics
[2011/11/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ezNZB
[2011/10/13 19:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Garmin
[2011/09/12 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\GetRightToGo
[2012/01/23 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM
[2011/04/25 13:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ImgBurn
[2011/10/25 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IObit
[2012/02/12 15:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2011/07/25 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leadertech
[2011/10/12 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leawo
[2011/09/12 22:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\mkvtoolnix
[2011/06/26 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Nicalis
[2012/01/23 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenCandy
[2011/05/13 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenOffice.org
[2012/01/24 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Orbit
[2011/05/31 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\PokerCreations
[2012/01/23 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ProgSense
[2011/12/31 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\redsn0w
[2011/06/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Rovio
[2011/12/11 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ShoppingDaisy
[2011/04/30 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\TeamViewer
[2011/09/11 07:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Tunebite
[2011/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\UFC Poker
[2012/01/13 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Vso
[2012/01/18 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Xilisoft
[2012/03/02 17:00:06 | 000,000,288 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoCare.job
[2012/03/03 07:24:03 | 000,000,290 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoSweep.job
[2012/03/03 17:30:00 | 000,000,292 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoUpdate.job
[2012/03/03 07:24:21 | 000,000,280 | ---- | M] () -- C:\WINXP\Tasks\SmartDefrag_Startup.job
[2012/03/03 18:25:29 | 000,000,418 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\Program Files\Common Files\ComObjects\*.* /s >

< End of report >
  • 0

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right-click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.
  • 0

#29
Chouse28

    Member

  • Topic Starter
  • 27 posts
I ran Avast and it deleted 36 files but unfortunately, it did not help.

Avast Results 1.JPG

This is the log it created. (The bottom looks a bit funny because it couldn't fit the last 2 results on the first picture, so I copied and pasted the last 2)

Edited by Chouse28, 04 March 2012 - 05:13 PM.

  • 0

#30
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you find this file:

c:\documents and settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\prefs.js

ZIP it and attach it here for me in your next reply.
  • 0





