sempai, possible infection second scan as asked



#1
keithiverson

OTL logfile created on: 2/29/2012 10:05:59 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Robin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 462.77 Mb Available Physical Memory | 45.22% Memory free
2.41 Gb Paging File | 1.80 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.73 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME1-20C44E28C | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 10:05:38 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\My Documents\Downloads\OTL.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/01 18:32:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/02/01 06:17:17 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011/11/29 07:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/14 04:40:17 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/06/10 10:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/02 00:51:34 | 000,409,320 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 05:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:42:18 | 000,015,872 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmremote.exe
PRC - [2008/02/27 10:18:38 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 08:29:31 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/29 07:37:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/18 16:23:00 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/18 15:09:06 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/06/18 15:09:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/18 15:08:53 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/22 13:55:42 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinwcuiDLL.dll
MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinHWStatus.dll
MOD - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/03/19 00:04:22 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/02/01 06:17:17 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/10/26 04:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2005/06/07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...xplorer/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25462

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=21"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...id=101&sr=0&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2012/02/01 06:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/29 07:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 18:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected] [2012/02/02 00:57:46 | 000,000,000 | ---D | M]

[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2012/02/02 01:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions
[2011/06/21 19:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 09:43:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/02 01:08:32 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/02/02 00:57:46 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/01 06:17:34 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\Search_Results.xml
[2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 01:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/22 01:45:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/29 07:37:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 14:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/29 07:37:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NP32DSW.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: GameVance = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/06/18 14:01:25 | 000,003,031 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.248.160.148 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 89.248.160.148 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 89.248.160.148 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 89.248.160.148 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 89.248.160.148 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 89.248.160.148 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 89.248.160.148 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 89.248.160.148 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 89.248.160.148 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 89.248.160.148 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 89.248.160.148 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 89.248.160.148 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 30 more lines...
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Exent_SDM] C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...TQ&n=2011011020 File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DBCDED-4B62-4E41-9E6E-749E6168BBD9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697BDEF8-8768-4504-A2CD-44E0E9F5B9EE}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\iebho.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 19:41:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/03 02:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 10:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2000/10/06 06:55:47 | 000,030,208 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 22:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/02/26 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2012/02/26 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2012/02/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Mythic
[2012/02/25 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Received Files
[2012/02/18 02:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WildWestStory
[2012/02/08 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/02/08 22:50:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/08 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2012/02/03 02:01:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/02 01:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\searchqutoolbar
[2012/02/02 00:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bandoo
[2012/02/01 06:17:19 | 000,038,320 | ---- | C] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2012/02/01 06:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2012/02/01 06:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2012/02/01 02:51:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 09:37:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 08:29:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 08:28:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 08:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 19:09:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2012/02/28 16:11:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
[2012/02/28 14:27:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/02/28 12:08:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/27 11:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:53:18 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/02/26 17:53:17 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/02/26 17:53:17 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/02/26 17:35:14 | 000,000,191 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:24:18 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 17:24:14 | 000,000,798 | ---- | M] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | M] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/25 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/25 13:46:54 | 000,000,208 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/25 07:36:25 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 21:40:44 | 000,000,059 | ---- | M] () -- C:\WINDOWS\BS.INI
[2012/02/18 02:58:11 | 000,000,471 | ---- | M] () -- C:\Program Files\021820122581156.bat
[2012/02/18 02:45:57 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/02/17 17:15:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012/02/16 17:04:13 | 000,485,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 17:04:13 | 000,088,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 16:51:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/08 22:50:34 | 000,016,910 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/08 22:50:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/03 07:14:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/01 06:17:16 | 000,038,320 | ---- | M] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 19:09:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:24:14 | 000,000,798 | ---- | C] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | C] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/26 17:24:14 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:23:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 09:32:13 | 000,256,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 13:46:54 | 000,000,208 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/18 02:58:11 | 000,000,471 | ---- | C] () -- C:\Program Files\021820122581156.bat
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 22:50:34 | 000,016,910 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/01 14:15:49 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Robin\Start Menu\Programs\Internet Explorer.lnk
[2012/02/01 05:55:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/04 09:55:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/04 09:55:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/04 09:55:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/10/23 09:21:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/19 14:17:10 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/06/26 18:49:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2011/05/19 04:40:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/02/07 19:40:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2011/02/05 21:41:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2011/02/05 21:39:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BP.INI
[2011/01/30 15:39:46 | 000,000,115 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2011/01/30 15:27:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/01/30 15:22:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BS.INI
[2011/01/30 14:04:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/30 13:12:10 | 000,015,170 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/01/30 12:29:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/01/30 12:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BB.INI
[2011/01/04 20:04:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2011/01/04 01:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/04 00:04:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/02 22:12:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/02 13:05:26 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\ClockTraySkins.ini
[2011/01/01 22:23:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/01 22:23:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/01 22:23:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/01 22:23:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/01 22:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DontSort.ini
[2011/01/01 19:53:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/01/01 19:45:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 19:38:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6125FEA
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >

#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello keithiverson and welcome to G2G, sorry about the delay.

I need to see a fresh log so please run another scan with OTL and post the new report for my review. Thanks.

#3
keithiverson

    Member

  • Topic Starter
  • Member
  • 10 posts
OTL logfile created on: 3/6/2012 11:36:57 AM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Robin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 462.34 Mb Available Physical Memory | 45.18% Memory free
2.41 Gb Paging File | 1.92 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.99 Gb Free Space | 71.56% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME1-20C44E28C | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 22:53:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\My Documents\Downloads\OTL(1).exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/01 18:32:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/02/01 06:17:17 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011/11/29 07:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/14 04:40:17 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/06/10 10:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/02 00:51:34 | 000,409,320 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 10:18:38 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 11:35:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/29 07:37:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/18 15:09:06 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/06/18 15:09:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/18 15:08:53 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2008/02/22 13:55:42 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinwcuiDLL.dll
MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinHWStatus.dll
MOD - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/03/19 00:04:22 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/02/01 06:17:17 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/10/26 04:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2005/06/07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...xplorer/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30230760-DB59-43A1-BE27-E62C9E488E2A}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{3113A5FF-A480-4726-985B-181F71362C87}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{3457295B-586D-4F60-8F1F-5EE449399E91}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCD80E61-A1BC-4A2A-97FC-46948202229F}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{E88E7B31-FC91-40DB-A7D0-9CC810D95CD9}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25462

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=21"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...id=101&sr=0&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2012/02/01 06:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/29 07:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 18:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected] [2012/02/02 00:57:46 | 000,000,000 | ---D | M]

[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2012/02/02 01:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions
[2011/06/21 19:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 09:43:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/02 01:08:32 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/02/02 00:57:46 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/01 06:17:34 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\Search_Results.xml
[2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 01:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/22 01:45:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/29 07:37:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 14:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/29 07:37:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NP32DSW.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: GameVance = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/06/18 14:01:25 | 000,003,031 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.248.160.148 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 89.248.160.148 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 89.248.160.148 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 89.248.160.148 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 89.248.160.148 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 89.248.160.148 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 89.248.160.148 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 89.248.160.148 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 89.248.160.148 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 89.248.160.148 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 89.248.160.148 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 89.248.160.148 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 30 more lines...
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Exent_SDM] C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...TQ&n=2011011020 File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DBCDED-4B62-4E41-9E6E-749E6168BBD9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697BDEF8-8768-4504-A2CD-44E0E9F5B9EE}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\iebho.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 19:41:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/03 02:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 10:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2012/03/02 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TorchED
[2012/03/02 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Datalode
[2012/03/02 23:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Torchlight
[2012/02/26 22:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/02/26 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2012/02/26 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2012/02/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Mythic
[2012/02/25 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Received Files
[2012/02/18 02:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WildWestStory
[2012/02/08 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/02/08 22:50:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/08 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 11:38:59 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
[2012/03/06 11:37:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 11:35:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/03/06 11:35:24 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 11:35:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/06 11:34:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/05 23:24:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2012/03/05 20:25:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2012/03/05 18:59:03 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/03/05 18:59:02 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/03/05 18:59:02 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/03/05 02:07:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2012/03/03 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/03 08:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/02/28 12:08:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/27 11:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:35:14 | 000,000,191 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:24:18 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 17:24:14 | 000,000,798 | ---- | M] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | M] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/25 13:46:54 | 000,000,208 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/25 07:36:25 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 21:40:44 | 000,000,059 | ---- | M] () -- C:\WINDOWS\BS.INI
[2012/02/18 02:58:11 | 000,000,471 | ---- | M] () -- C:\Program Files\021820122581156.bat
[2012/02/18 02:45:57 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/02/17 17:15:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012/02/16 17:04:13 | 000,485,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 17:04:13 | 000,088,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/08 22:50:34 | 000,016,910 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/08 22:50:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 11:35:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2012/03/05 23:24:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata18.sqm
[2012/03/05 20:25:37 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2012/03/05 02:07:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2012/03/03 08:40:20 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | C] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:24:14 | 000,000,798 | ---- | C] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | C] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/26 17:24:14 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:23:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 09:32:13 | 000,256,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 13:46:54 | 000,000,208 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/18 02:58:11 | 000,000,471 | ---- | C] () -- C:\Program Files\021820122581156.bat
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 22:50:34 | 000,016,910 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/01/04 09:55:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/04 09:55:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/04 09:55:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/10/23 09:21:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/19 14:17:10 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/06/26 18:49:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2011/05/19 04:40:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/02/07 19:40:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2011/02/05 21:41:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2011/02/05 21:39:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BP.INI
[2011/01/30 15:39:46 | 000,000,115 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2011/01/30 15:27:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/01/30 15:22:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BS.INI
[2011/01/30 14:04:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/30 13:12:10 | 000,015,170 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/01/30 12:29:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/01/30 12:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BB.INI
[2011/01/04 20:04:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2011/01/04 01:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/04 00:04:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/02 22:12:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/02 13:05:26 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\ClockTraySkins.ini
[2011/01/01 22:23:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/01 22:23:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/01 22:23:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/01 22:23:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/01 22:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DontSort.ini
[2011/01/01 19:53:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/01/01 19:45:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 19:38:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6125FEA
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >
First scan:
OTL logfile created on: 2/29/2012 10:05:59 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Robin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 462.77 Mb Available Physical Memory | 45.22% Memory free
2.41 Gb Paging File | 1.80 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.73 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME1-20C44E28C | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 10:05:38 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\My Documents\Downloads\OTL.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/01 18:32:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/02/01 06:17:17 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011/11/29 07:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/14 04:40:17 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/06/10 10:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/02 00:51:34 | 000,409,320 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 05:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:42:18 | 000,015,872 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmremote.exe
PRC - [2008/02/27 10:18:38 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 08:29:31 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/29 07:37:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/18 16:23:00 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/18 15:09:06 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/06/18 15:09:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/18 15:08:53 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/22 13:55:42 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinwcuiDLL.dll
MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinHWStatus.dll
MOD - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/03/19 00:04:22 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/02/01 06:17:17 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/10/26 04:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2005/06/07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah...xplorer/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25462

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=21"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...id=101&sr=0&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2012/02/01 06:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/29 07:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 18:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected] [2012/02/02 00:57:46 | 000,000,000 | ---D | M]

[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2012/02/02 01:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions
[2011/06/21 19:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 09:43:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/02 01:08:32 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/02/02 00:57:46 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/01 06:17:34 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\Search_Results.xml
[2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 01:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/22 01:45:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/29 07:37:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 14:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/29 07:37:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NP32DSW.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: GameVance = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/06/18 14:01:25 | 000,003,031 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.248.160.148 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 89.248.160.148 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 89.248.160.148 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 89.248.160.148 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 89.248.160.148 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 89.248.160.148 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 89.248.160.148 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 89.248.160.148 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 89.248.160.148 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 89.248.160.148 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 89.248.160.148 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 89.248.160.148 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 30 more lines...
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Exent_SDM] C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...TQ&n=2011011020 File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DBCDED-4B62-4E41-9E6E-749E6168BBD9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697BDEF8-8768-4504-A2CD-44E0E9F5B9EE}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\iebho.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 19:41:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/03 02:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 10:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dbaec2-55f4-11bd-bc9b-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2000/10/06 06:55:47 | 000,030,208 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 22:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/02/26 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2012/02/26 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2012/02/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Mythic
[2012/02/25 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Received Files
[2012/02/18 02:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WildWestStory
[2012/02/08 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/02/08 22:50:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/08 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2012/02/03 02:01:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/02 01:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\searchqutoolbar
[2012/02/02 00:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bandoo
[2012/02/01 06:17:19 | 000,038,320 | ---- | C] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2012/02/01 06:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2012/02/01 06:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2012/02/01 02:51:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 09:37:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 08:29:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 08:28:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 08:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 19:09:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2012/02/28 16:11:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
[2012/02/28 14:27:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/02/28 12:08:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/27 11:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:53:18 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/02/26 17:53:17 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/02/26 17:53:17 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/02/26 17:35:14 | 000,000,191 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:24:18 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 17:24:14 | 000,000,798 | ---- | M] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | M] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/25 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/25 13:46:54 | 000,000,208 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/25 07:36:25 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 21:40:44 | 000,000,059 | ---- | M] () -- C:\WINDOWS\BS.INI
[2012/02/18 02:58:11 | 000,000,471 | ---- | M] () -- C:\Program Files\021820122581156.bat
[2012/02/18 02:45:57 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/02/17 17:15:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012/02/16 17:04:13 | 000,485,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 17:04:13 | 000,088,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 16:51:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/08 22:50:34 | 000,016,910 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/08 22:50:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/03 07:14:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/01 06:17:16 | 000,038,320 | ---- | M] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 19:09:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:24:14 | 000,000,798 | ---- | C] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | C] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/26 17:24:14 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:23:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 09:32:13 | 000,256,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 13:46:54 | 000,000,208 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:54 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/18 02:58:11 | 000,000,471 | ---- | C] () -- C:\Program Files\021820122581156.bat
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 22:50:34 | 000,016,910 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/01 14:15:49 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Robin\Start Menu\Programs\Internet Explorer.lnk
[2012/02/01 05:55:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/04 09:55:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/04 09:55:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/04 09:55:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/10/23 09:21:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/19 14:17:10 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/06/26 18:49:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2011/05/19 04:40:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
[2011/02/07 19:40:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2011/02/05 21:41:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2011/02/05 21:39:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BP.INI
[2011/01/30 15:39:46 | 000,000,115 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2011/01/30 15:27:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/01/30 15:22:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BS.INI
[2011/01/30 14:04:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/30 13:12:10 | 000,015,170 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/01/30 12:29:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/01/30 12:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BB.INI
[2011/01/04 20:04:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2011/01/04 01:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/04 00:04:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/02 22:12:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/02 13:05:26 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\ClockTraySkins.ini
[2011/01/01 22:23:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/01 22:23:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/01 22:23:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/01 22:23:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/01 22:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DontSort.ini
[2011/01/01 19:53:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/01/01 19:45:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 19:38:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6125FEA
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >

#4
keithiverson

    Member

  • Topic Starter
  • 10 posts
ok that is done, along with a copy of first scan. ty for ur attention to this

OT: I merged all of these posts into a single topic. Please use the Add Reply button when responding to prevent multiple topics regarding a single issue.

Edited by OldTimer, 06 March 2012 - 04:26 PM.


#5
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Next time, please do not start a new topic if you already have an active topic. This will create confusion and may cause some delays.


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    PRC - [2012/02/01 06:17:17 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    PRC - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
    PRC - [2011/11/14 04:40:17 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    SRV - [2012/02/01 06:17:17 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    SRV - [2011/12/14 07:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{CCD80E61-A1BC-4A2A-97FC-46948202229F}: "URL" = http://findgala.com/...q={searchTerms}
    IE - HKCU\..\SearchScopes\{3113A5FF-A480-4726-985B-181F71362C87}: "URL" = http://delicious.com...p={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25462
    FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
    FF - prefs.js..network.proxy.type: 4
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2012/02/01 06:17:34 | 000,000,000 | ---D | M]
    [2012/02/02 01:08:32 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/02/02 00:57:46 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
    [2012/02/01 06:17:34 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKCU..\Run: [Exent_SDM] C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O8 - Extra context menu item: &Search - http://edits.mywebse...TQ&n=2011011020 File not found
    O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\window~4\datamngr\iebho.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
    [2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
    [2011/05/07 23:04:21 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\MyWebSearch
    C:\Program Files\Bandoo
    C:\Program Files\Windows Searchqu Toolbar
    
    :Commands
    [EmptyJava]
    [RESETHOSTS]
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


#6
keithiverson

    Member

  • Topic Starter
  • 10 posts
HERE IS HOPING DIDN'T ASK FOR RESTART BUT GOING TO ANYWAY. HERE IS REPORT.
========== OTL ==========
Process MWSOEMON.EXE killed successfully!
Process Bandoo.exe killed successfully!
No active process named datamngrUI.exe was found!
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE moved successfully.
Service Bandoo Coordinator stopped successfully!
Service Bandoo Coordinator deleted successfully!
C:\Program Files\Bandoo\Bandoo.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCD80E61-A1BC-4A2A-97FC-46948202229F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCD80E61-A1BC-4A2A-97FC-46948202229F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3113A5FF-A480-4726-985B-181F71362C87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3113A5FF-A480-4726-985B-181F71362C87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin not found.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]\content\creatives folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]\content folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exent_SDM deleted successfully.
C:\Documents and Settings\Robin\Local Settings\Temp\SDM143\Free Ride Games.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\window~4\datamngr\datamngr.dll deleted successfully.
c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\window~4\datamngr\iebho.dll deleted successfully.
c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll deleted successfully.
c:\Program Files\Bandoo\BndHook.dll moved successfully.
C:\Documents and Settings\Robin\Local Settings\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy moved successfully.
C:\Documents and Settings\All Users\Application Data\re15525dl3y7e4hemd3d26i4u6tdmmy moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Robin\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Robin\My Documents\Downloads\cmd.txt deleted successfully.
C:\Program Files\MyWebSearch\bar\wbnotify folder moved successfully.
C:\Program Files\MyWebSearch\bar\Settings folder moved successfully.
C:\Program Files\MyWebSearch\bar\Overlay folder moved successfully.
C:\Program Files\MyWebSearch\bar\Notifier folder moved successfully.
C:\Program Files\MyWebSearch\bar\Message folder moved successfully.
C:\Program Files\MyWebSearch\bar\jsifb folder moved successfully.
C:\Program Files\MyWebSearch\bar\IE9Mesg folder moved successfully.
C:\Program Files\MyWebSearch\bar\icons folder moved successfully.
C:\Program Files\MyWebSearch\bar\gen1 folder moved successfully.
C:\Program Files\MyWebSearch\bar\Game folder moved successfully.
C:\Program Files\MyWebSearch\bar\Avatar folder moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome folder moved successfully.
C:\Program Files\MyWebSearch\bar\1.bin folder moved successfully.
C:\Program Files\MyWebSearch\bar folder moved successfully.
C:\Program Files\MyWebSearch folder moved successfully.
C:\Program Files\Bandoo\Resources\tutorial\images folder moved successfully.
C:\Program Files\Bandoo\Resources\tutorial folder moved successfully.
C:\Program Files\Bandoo\Resources folder moved successfully.
C:\Program Files\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images folder moved successfully.
C:\Program Files\Bandoo\Plugins\Yahoo\Resources\Toolbar folder moved successfully.
C:\Program Files\Bandoo\Plugins\Yahoo\Resources\HTML folder moved successfully.
C:\Program Files\Bandoo\Plugins\Yahoo\Resources folder moved successfully.
C:\Program Files\Bandoo\Plugins\Yahoo folder moved successfully.
C:\Program Files\Bandoo\Plugins\MSN\Resources\Toolbar\Images folder moved successfully.
C:\Program Files\Bandoo\Plugins\MSN\Resources\Toolbar folder moved successfully.
C:\Program Files\Bandoo\Plugins\MSN\Resources\HTML folder moved successfully.
C:\Program Files\Bandoo\Plugins\MSN\Resources folder moved successfully.
C:\Program Files\Bandoo\Plugins\MSN folder moved successfully.
C:\Program Files\Bandoo\Plugins\IE\Resources\HTML folder moved successfully.
C:\Program Files\Bandoo\Plugins\IE\Resources folder moved successfully.
C:\Program Files\Bandoo\Plugins\IE folder moved successfully.
C:\Program Files\Bandoo\Plugins folder moved successfully.
C:\Program Files\Bandoo folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.HOME1-20C44E28C

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Robin
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.35.1 log created on 03062012_203545

#7
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please run Combofix and then tell me any issues that you have.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.



#8
keithiverson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 12-03-06.01 - Robin 03/07/2012 11:56:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -6:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Robin\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf
c:\documents and settings\Robin\Application Data\PC Security Guardian
c:\documents and settings\Robin\Application Data\PC Security Guardian\cookies.sqlite
c:\documents and settings\Robin\Application Data\PriceGong
c:\documents and settings\Robin\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Robin\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Robin\WINDOWS
c:\program files\FunWebProducts
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 02:35 . 2012-03-07 02:35 -------- d-----w- C:\_OTL
2012-03-03 05:28 . 2012-03-03 05:28 -------- d-----w- c:\program files\Common Files\Datalode
2012-02-29 00:31 . 2008-04-14 11:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-02-26 23:24 . 2012-02-26 23:24 -------- d-----w- c:\windows\BBSTORE
2012-02-26 23:21 . 2012-02-26 23:40 -------- d-----w- c:\program files\Myst
2012-02-26 22:23 . 2012-02-26 22:23 -------- d-----w- C:\Mythic
2012-02-18 08:58 . 2012-02-18 08:58 471 ----a-w- c:\program files\021820122581156.bat
2012-02-18 08:46 . 2012-02-18 08:47 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WildWestStory
2012-02-16 23:36 . 2012-02-16 23:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-16 22:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 22:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 04:50 . 2012-02-09 04:50 2829 ----a-w- c:\windows\DIIUnin.pif
2012-02-09 04:50 . 2012-02-09 04:50 94208 ----a-w- c:\windows\DIIUnin.exe
2012-02-09 04:44 . 2012-03-05 07:56 -------- d-----w- c:\program files\Diablo II
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 00:59 . 2012-01-04 15:55 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-03-06 00:59 . 2012-01-04 15:55 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-03-06 00:59 . 2012-01-04 15:55 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-02-01 12:17 . 2012-02-01 12:17 38320 ----a-w- c:\windows\system32\f3PSSavr.scr
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-29 13:37 . 2011-10-06 20:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
"Akamai NetSession Interface"="c:\documents and settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-2-27 1736704]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2011-8-19 4545024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 19:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-08 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-03-19 06:05 630784 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Robin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Robin\\My Documents\\Downloads\\SweetImSetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [8/19/2011 2:17 PM 266240]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [8/19/2011 2:17 PM 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1/1/2011 8:17 PM 57344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2011 10:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2011 10:01 PM 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [8/19/2011 2:17 PM 360529]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:01]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:01]
.
2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=21
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=101&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Exetender - c:\program files\Free Ride Games\GPlayer.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
AddRemove-Bandoo - c:\program files\Bandoo\uninstaller.exe
AddRemove-Marine Aquarium 2, Sharks & Carousel Bundle - c:\program files\Prolific Publishing
AddRemove-Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 12:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-07 12:13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 18:13
.
Pre-Run: 42,772,725,760 bytes free
Post-Run: 42,672,136,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 27B9B252B21CA434D1C1FFB43D2CACB7

#9
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Log looks good, how's the computer running?


1. Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\program files\021820122581156.bat

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


2. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



3. I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir.

    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


4. Please run OTL and click the "Quick Scan" button, post the new report for my review.

#10
keithiverson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 12-03-06.01 - Robin 03/07/2012 11:56:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -6:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Robin\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt
c:\documents and settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf
c:\documents and settings\Robin\Application Data\PC Security Guardian
c:\documents and settings\Robin\Application Data\PC Security Guardian\cookies.sqlite
c:\documents and settings\Robin\Application Data\PriceGong
c:\documents and settings\Robin\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Robin\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Robin\WINDOWS
c:\program files\FunWebProducts
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 02:35 . 2012-03-07 02:35 -------- d-----w- C:\_OTL
2012-03-03 05:28 . 2012-03-03 05:28 -------- d-----w- c:\program files\Common Files\Datalode
2012-02-29 00:31 . 2008-04-14 11:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-02-26 23:24 . 2012-02-26 23:24 -------- d-----w- c:\windows\BBSTORE
2012-02-26 23:21 . 2012-02-26 23:40 -------- d-----w- c:\program files\Myst
2012-02-26 22:23 . 2012-02-26 22:23 -------- d-----w- C:\Mythic
2012-02-18 08:58 . 2012-02-18 08:58 471 ----a-w- c:\program files\021820122581156.bat
2012-02-18 08:46 . 2012-02-18 08:47 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WildWestStory
2012-02-16 23:36 . 2012-02-16 23:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-16 22:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 22:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 04:50 . 2012-02-09 04:50 2829 ----a-w- c:\windows\DIIUnin.pif
2012-02-09 04:50 . 2012-02-09 04:50 94208 ----a-w- c:\windows\DIIUnin.exe
2012-02-09 04:44 . 2012-03-05 07:56 -------- d-----w- c:\program files\Diablo II
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 00:59 . 2012-01-04 15:55 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-03-06 00:59 . 2012-01-04 15:55 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-03-06 00:59 . 2012-01-04 15:55 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-02-01 12:17 . 2012-02-01 12:17 38320 ----a-w- c:\windows\system32\f3PSSavr.scr
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-29 13:37 . 2011-10-06 20:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
"Akamai NetSession Interface"="c:\documents and settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-2-27 1736704]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2011-8-19 4545024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 19:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-08 03:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-03-19 06:05 630784 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Robin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Robin\\My Documents\\Downloads\\SweetImSetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [8/19/2011 2:17 PM 266240]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [8/19/2011 2:17 PM 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1/1/2011 8:17 PM 57344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2011 10:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2011 10:01 PM 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [8/19/2011 2:17 PM 360529]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:01]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:01]
.
2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=21
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=101&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Exetender - c:\program files\Free Ride Games\GPlayer.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
AddRemove-Bandoo - c:\program files\Bandoo\uninstaller.exe
AddRemove-Marine Aquarium 2, Sharks & Carousel Bundle - c:\program files\Prolific Publishing
AddRemove-Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 12:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-07 12:13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 18:13
.
Pre-Run: 42,772,725,760 bytes free
Post-Run: 42,672,136,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 27B9B252B21CA434D1C1FFB43D2CACB7

C:\Documents and Settings\Robin\My Documents\Downloads\cnet2_msgr11us_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Robin\My Documents\Downloads\DownloadManager_Setup.exe a variant of Win32/Adware.iBryte.B application
C:\Documents and Settings\Robin\My Documents\Downloads\Install_MSN_Messenger.exe a variant of Win32/Adware.OpenInstall application
C:\Documents and Settings\Robin\My Documents\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.F application
C:\Documents and Settings\Robin\My Documents\Downloads\Photo.zip Win32/TrojanDownloader.Agent.RAG trojan
C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(1).exe a variant of Win32/Adware.OpenInstall application
C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(2).exe a variant of Win32/Adware.OpenInstall application
C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(3).exe a variant of Win32/Adware.OpenInstall application
C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free.exe a variant of Win32/Adware.OpenInstall application
C:\Documents and Settings\Robin\My Documents\Downloads\SmileyCentral.exe Win32/AdInstaller application
C:\Documents and Settings\Robin\My Documents\Downloads\SmileyCentralPFSetup2.3.98.9.ZNfox000.exe a variant of Win32/Toolbar.MyWebSearch.K application
C:\Documents and Settings\Robin\My Documents\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\MSN Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Documents and Settings\Robin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar.vir Win32/Adware.Gamevance.Gen application
C:\WINDOWS\system32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Win32/Adware.FunWeb application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Win32/Adware.FunWeb application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL a variant of Win32/Toolbar.MyWebSearch.G application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Win32/Adware.FunWeb application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Win32/Adware.FunWeb application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Win32/FunWeb application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch.F application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3IEOVR.DLL Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL Win32/Toolbar.MyWebSearch.P application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE a variant of Win32/Toolbar.MyWebSearch.I application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL Win32/Toolbar.MyWebSearch.I application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL a variant of Win32/Toolbar.MyWebSearch.K application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\del_DM_DLL_36.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\del_DM_EXE_53.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\del_IEBHO_70.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03062012_203545\C_Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application

OTL logfile created on: 3/8/2012 1:38:52 AM - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 439.05 Mb Available Physical Memory | 42.90% Memory free
2.41 Gb Paging File | 1.70 Gb Available in Paging File | 70.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.36 Gb Free Space | 70.44% Space Free | Partition Type: NTFS

Computer Name: HOME1-20C44E28C | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/05 22:53:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/01 18:32:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2011/11/29 07:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/10 10:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 10:18:38 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/07 17:51:15 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/07 12:10:33 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030701\algo.dll
MOD - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/29 07:37:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/18 16:23:00 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/18 15:09:06 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/06/18 15:09:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/18 15:08:53 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2008/02/22 13:55:42 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinwcuiDLL.dll
MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinHWStatus.dll
MOD - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/03/19 00:04:22 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/10/26 04:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2005/06/07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30230760-DB59-43A1-BE27-E62C9E488E2A}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{3457295B-586D-4F60-8F1F-5EE449399E91}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{E88E7B31-FC91-40DB-A7D0-9CC810D95CD9}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=21"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...id=101&sr=0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/08 01:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/29 07:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 18:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]

[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2012/03/06 20:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions
[2011/06/21 19:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 09:43:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\Search_Results.xml
[2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
[2012/03/06 20:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 01:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/22 01:45:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/29 07:37:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 14:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/29 07:37:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NP32DSW.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: GameVance = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/07 12:07:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DBCDED-4B62-4E41-9E6E-749E6168BBD9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697BDEF8-8768-4504-A2CD-44E0E9F5B9EE}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 19:41:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 01:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/03/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/08 01:30:50 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/08 01:30:50 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/08 01:30:45 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/08 01:30:45 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/08 01:30:43 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/08 01:30:42 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/08 01:30:42 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/08 01:30:41 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/08 01:29:31 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/08 01:29:30 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/08 01:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/08 01:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/07 22:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/07 11:53:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/07 11:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/07 11:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/07 11:51:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/07 11:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/07 11:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/07 11:51:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/07 11:50:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 11:50:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin\My Documents\My Videos
[2012/03/07 11:50:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Administrative Tools
[2012/03/06 22:00:35 | 004,428,059 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2012/03/06 20:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\OTL STUFF
[2012/03/06 20:35:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 22:53:15 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
[2012/03/05 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2012/03/02 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TorchED
[2012/03/02 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Datalode
[2012/03/02 23:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Torchlight
[2012/02/26 22:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/02/26 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2012/02/26 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2012/02/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Mythic
[2012/02/25 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Received Files
[2012/02/18 02:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WildWestStory
[2012/02/08 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/02/08 22:50:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/08 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 01:37:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 01:30:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/08 01:30:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/07 18:37:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 18:28:00 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/03/07 18:28:00 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/03/07 18:28:00 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/03/07 17:54:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
[2012/03/07 17:50:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/07 17:30:12 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/03/07 17:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 12:07:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/07 11:54:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/07 11:44:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/03/07 11:44:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/03/06 22:57:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/03/06 22:57:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/03/06 22:01:07 | 004,428,059 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 18:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 11:35:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/03/05 23:24:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2012/03/05 22:53:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
[2012/03/05 20:25:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2012/03/05 02:07:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2012/03/03 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/03 08:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:35:14 | 000,000,191 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:24:18 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 17:24:14 | 000,000,798 | ---- | M] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | M] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/25 07:42:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/25 07:36:25 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 21:40:44 | 000,000,059 | ---- | M] () -- C:\WINDOWS\BS.INI
[2012/02/18 02:58:11 | 000,000,471 | ---- | M] () -- C:\Program Files\021820122581156.bat
[2012/02/18 02:45:57 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/02/16 17:04:13 | 000,485,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 17:04:13 | 000,088,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/08 22:50:34 | 000,016,910 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/08 22:50:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 01:30:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/07 11:54:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/07 11:54:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/07 11:51:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/07 11:51:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/07 11:51:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/07 11:51:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/07 11:51:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/06 11:35:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2012/03/05 23:24:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata18.sqm
[2012/03/05 20:25:37 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2012/03/05 02:07:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2012/03/03 08:40:20 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | C] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:24:14 | 000,000,798 | ---- | C] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | C] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/26 17:24:14 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:23:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 09:32:13 | 000,256,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 13:46:54 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:54 | 000,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/18 02:58:11 | 000,000,471 | ---- | C] () -- C:\Program Files\021820122581156.bat
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 22:50:34 | 000,016,910 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/01/04 09:55:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/04 09:55:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/04 09:55:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/10/23 09:21:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/19 14:17:10 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/06/26 18:49:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2011/05/19 04:40:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 19:40:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2011/02/05 21:41:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2011/02/05 21:39:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BP.INI
[2011/01/30 15:39:46 | 000,000,115 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2011/01/30 15:27:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/01/30 15:22:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BS.INI
[2011/01/30 14:04:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/30 13:12:10 | 000,015,170 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/01/30 12:29:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/01/30 12:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BB.INI
[2011/01/04 20:04:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2011/01/04 01:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/04 00:04:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/02 22:12:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/02 13:05:26 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\ClockTraySkins.ini
[2011/01/01 22:23:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/01 22:23:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/01 22:23:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/01 22:23:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/01 22:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DontSort.ini
[2011/01/01 19:53:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/01/01 19:45:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 19:38:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/01/04 00:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2011/07/21 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/05/17 09:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy(2)
[2012/02/29 17:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2012/01/03 09:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2012/01/26 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/08 01:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/18 18:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/07/10 20:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/02/02 13:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/02/07 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves
[2012/01/04 16:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2011/12/24 07:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2011/11/25 11:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2011/11/25 11:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2011/12/25 11:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2011/01/17 18:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/12/31 17:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2012/01/04 10:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2011/12/31 17:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2012/01/03 09:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/01/07 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/10/15 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2011/01/04 22:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/08 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/01/03 09:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/01/09 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/05/06 18:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/06 18:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2011/02/03 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\155000 Games
[2012/01/03 09:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\aliasworlds
[2012/01/18 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Bandoo
[2011/01/10 18:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\FlowPlay
[2011/05/17 09:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\funkitron
[2011/01/03 10:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\GameInvest
[2011/06/18 14:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ICAClient
[2011/01/04 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Kalydo
[2011/08/31 16:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Oberon Media
[2011/01/09 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PlayFirst
[2011/07/10 20:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\playmink
[2011/12/05 23:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\runic games
[2012/01/26 16:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchquband
[2012/02/02 01:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchqutoolbar
[2011/01/07 18:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Sony Online Entertainment
[2011/01/01 22:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\TuneUp Software
[2011/06/18 14:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Uniblue
[2011/01/03 12:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Virtual City
[2011/01/09 19:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\yoclient
[2012/03/07 17:54:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job

========== Purity Check ==========



< End of report >

Edited by keithiverson, 08 March 2012 - 02:03 AM.



#11
keithiverson

OTL logfile created on: 3/8/2012 1:38:52 AM - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 439.05 Mb Available Physical Memory | 42.90% Memory free
2.41 Gb Paging File | 1.70 Gb Available in Paging File | 70.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.36 Gb Free Space | 70.44% Space Free | Partition Type: NTFS

Computer Name: HOME1-20C44E28C | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/05 22:53:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/01 18:32:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2011/11/29 07:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/10 10:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 10:18:38 | 001,736,704 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
PRC - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/07 17:51:15 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/07 12:10:33 | 001,721,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12030701\algo.dll
MOD - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/29 07:37:17 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/18 16:23:00 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/18 15:09:06 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/06/18 15:09:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/18 15:08:53 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2008/02/22 13:55:42 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinwcuiDLL.dll
MOD - [2007/03/30 16:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D7010v8\BelkinHWStatus.dll
MOD - [2007/03/19 00:05:02 | 000,630,784 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/03/19 00:04:22 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/10 19:26:21 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/23 17:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/10/26 04:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/08/28 21:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2005/06/07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{30230760-DB59-43A1-BE27-E62C9E488E2A}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{3457295B-586D-4F60-8F1F-5EE449399E91}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{E88E7B31-FC91-40DB-A7D0-9CC810D95CD9}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=21"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://dts.search-re...id=101&sr=0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/08 01:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/29 07:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 18:14:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\[email protected]

[2012/02/02 01:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2012/03/06 20:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions
[2011/06/21 19:35:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 09:43:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\Search_Results.xml
[2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
[2012/03/06 20:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 01:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/22 01:45:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/29 07:37:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 14:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 01:01:02 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/29 07:37:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NP32DSW.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Documents and Settings\Robin\Application Data\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Bandoo = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: GameVance = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/07 12:07:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Robin\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DBCDED-4B62-4E41-9E6E-749E6168BBD9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697BDEF8-8768-4504-A2CD-44E0E9F5B9EE}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/01 19:41:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 01:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/03/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/08 01:30:50 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/08 01:30:50 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/08 01:30:45 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/08 01:30:45 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/08 01:30:43 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/08 01:30:42 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/08 01:30:42 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/08 01:30:41 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/08 01:29:31 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/08 01:29:30 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/08 01:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/08 01:08:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/07 22:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/07 11:53:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/07 11:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/07 11:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/07 11:51:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/07 11:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/07 11:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/07 11:51:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/07 11:50:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 11:50:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin\My Documents\My Videos
[2012/03/07 11:50:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Administrative Tools
[2012/03/06 22:00:35 | 004,428,059 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2012/03/06 20:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\OTL STUFF
[2012/03/06 20:35:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 22:53:15 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
[2012/03/05 19:57:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2012/03/02 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TorchED
[2012/03/02 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Datalode
[2012/03/02 23:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Start Menu\Programs\Torchlight
[2012/02/26 22:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/02/26 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2012/02/26 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Myst
[2012/02/26 16:23:49 | 000,000,000 | ---D | C] -- C:\Mythic
[2012/02/25 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\My Documents\My Received Files
[2012/02/18 02:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WildWestStory
[2012/02/08 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2012/02/08 22:50:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2012/02/08 22:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 01:37:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 01:30:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/08 01:30:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/07 18:37:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 18:28:00 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/03/07 18:28:00 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/03/07 18:28:00 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/03/07 17:54:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job
[2012/03/07 17:50:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/07 17:30:12 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/03/07 17:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 12:07:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/07 11:54:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/07 11:44:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2012/03/07 11:44:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2012/03/06 22:57:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012/03/06 22:57:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012/03/06 22:01:07 | 004,428,059 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 18:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/06 11:35:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/03/05 23:24:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2012/03/05 22:53:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL(1).exe
[2012/03/05 20:25:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2012/03/05 02:07:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2012/03/03 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/03 08:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:35:14 | 000,000,191 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:24:18 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 17:24:14 | 000,000,798 | ---- | M] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | M] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/25 07:42:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/25 07:36:25 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 21:40:44 | 000,000,059 | ---- | M] () -- C:\WINDOWS\BS.INI
[2012/02/18 02:58:11 | 000,000,471 | ---- | M] () -- C:\Program Files\021820122581156.bat
[2012/02/18 02:45:57 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/02/16 17:04:13 | 000,485,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 17:04:13 | 000,088,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/08 22:50:34 | 000,016,910 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2012/02/08 22:50:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 01:30:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/07 11:54:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/07 11:54:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/07 11:51:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/07 11:51:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/07 11:51:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/07 11:51:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/07 11:51:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/06 11:35:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata19.sqm
[2012/03/06 11:35:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2012/03/05 23:24:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2012/03/05 23:24:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata18.sqm
[2012/03/05 20:25:37 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2012/03/05 20:25:37 | 000,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2012/03/05 02:07:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012/03/05 02:07:24 | 000,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2012/03/03 20:28:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012/03/03 20:28:25 | 000,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2012/03/03 20:01:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012/03/03 20:01:51 | 000,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2012/03/03 08:40:20 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012/03/03 08:40:20 | 000,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2012/03/03 01:05:43 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012/03/03 01:05:43 | 000,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2012/03/02 23:28:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Torchlight.lnk
[2012/03/01 22:19:11 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2012/03/01 22:19:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2012/03/01 13:32:21 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2012/03/01 13:32:21 | 000,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2012/02/29 10:59:15 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2012/02/29 10:59:15 | 000,000,232 | -H-- | C] () -- C:\sqmdata09.sqm
[2012/02/28 19:09:11 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
[2012/02/28 19:09:10 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2012/02/28 18:26:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2012/02/28 18:26:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata07.sqm
[2012/02/28 18:21:02 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2012/02/28 18:21:02 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm
[2012/02/28 14:27:38 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2012/02/28 14:27:38 | 000,000,232 | -H-- | C] () -- C:\sqmdata05.sqm
[2012/02/28 12:09:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2012/02/28 12:09:19 | 000,000,232 | -H-- | C] () -- C:\sqmdata04.sqm
[2012/02/27 11:57:28 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2012/02/27 11:57:28 | 000,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2012/02/26 23:02:27 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2012/02/26 23:02:27 | 000,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2012/02/26 22:01:20 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/02/26 22:01:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/26 17:24:14 | 000,000,798 | ---- | C] () -- C:\WINDOWS\WININI.QTW
[2012/02/26 17:24:14 | 000,000,435 | ---- | C] () -- C:\WINDOWS\SYSINI.QTW
[2012/02/26 17:24:14 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012/02/26 17:23:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RESULT.QTW
[2012/02/26 09:32:13 | 000,256,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 13:46:54 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2012/02/25 13:46:54 | 000,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2012/02/25 13:46:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2012/02/25 13:46:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata00.sqm
[2012/02/25 07:42:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Farm Frenzy.lnk
[2012/02/18 02:58:11 | 000,000,471 | ---- | C] () -- C:\Program Files\021820122581156.bat
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 16:38:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 22:50:34 | 000,016,910 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012/02/08 22:50:34 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2012/02/08 22:50:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2012/01/04 09:55:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/01/04 09:55:07 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/01/04 09:55:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/10/23 09:21:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/19 14:17:10 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/06/26 18:49:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2011/05/19 04:40:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 19:40:36 | 000,000,086 | ---- | C] () -- C:\WINDOWS\MVPSPADE.INI
[2011/02/05 21:41:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\BICYCLE.INI
[2011/02/05 21:39:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BP.INI
[2011/01/30 15:39:46 | 000,000,115 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2011/01/30 15:27:59 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2011/01/30 15:22:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BS.INI
[2011/01/30 14:04:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/01/30 13:12:10 | 000,015,170 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/01/30 12:29:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2011/01/30 12:05:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BB.INI
[2011/01/04 20:04:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2011/01/04 01:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/04 00:04:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/02 22:12:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/01/02 13:05:26 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\ClockTraySkins.ini
[2011/01/01 22:23:19 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/01 22:23:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/01 22:23:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/01 22:23:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/01 22:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DontSort.ini
[2011/01/01 19:53:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/01/01 19:45:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 19:38:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2011/01/04 00:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2011/07/21 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/05/17 09:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy(2)
[2012/02/29 17:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2012/01/03 09:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2012/01/26 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/08 01:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/18 18:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/07/10 20:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/02/02 13:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/02/07 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves
[2012/01/04 16:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2011/12/24 07:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2011/11/25 11:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2011/11/25 11:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2011/12/25 11:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2011/01/17 18:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/12/31 17:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2012/01/04 10:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2011/12/31 17:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2012/01/03 09:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/01/07 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/10/15 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2011/01/04 22:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/08 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/01/03 09:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/01/09 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/05/06 18:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/06 18:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2011/02/03 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\155000 Games
[2012/01/03 09:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\aliasworlds
[2012/01/18 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Bandoo
[2011/01/10 18:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\FlowPlay
[2011/05/17 09:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\funkitron
[2011/01/03 10:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\GameInvest
[2011/06/18 14:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ICAClient
[2011/01/04 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Kalydo
[2011/08/31 16:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Oberon Media
[2011/01/09 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PlayFirst
[2011/07/10 20:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\playmink
[2011/12/05 23:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\runic games
[2012/01/26 16:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchquband
[2012/02/02 01:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchqutoolbar
[2011/01/07 18:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Sony Online Entertainment
[2011/01/01 22:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\TuneUp Software
[2011/06/18 14:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Uniblue
[2011/01/03 12:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Virtual City
[2011/01/09 19:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\yoclient
[2012/03/07 17:54:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{934CBD03-08DF-4D78-9E63-09574D200FB7}.job

========== Purity Check ==========



< End of report >

#12
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Did you miss or forget to post the result of instruction #1? How's the computer running?


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    C:\Documents and Settings\Robin\My Documents\Downloads\cnet2_msgr11us_exe.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\DownloadManager_Setup.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\Install_MSN_Messenger.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\PDFCreatorSetup.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\Photo.zip 
    C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(1).exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(2).exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free(3).exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\setup_av_free.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\SmileyCentral.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\SmileyCentralPFSetup2.3.98.9.ZNfox000.exe 
    C:\Documents and Settings\Robin\My Documents\Downloads\SweetImSetup.exe 
    C:\Program Files\MSN Messenger\msimg32.dll 
    C:\Program Files\MSN Messenger\riched20.dll 
    C:\WINDOWS\system32\f3PSSavr.scr
    [2012/02/18 23:51:54 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml
    [2012/01/18 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Bandoo
    [2012/01/26 16:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchquband
    [2012/02/02 01:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\searchqutoolbar
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    
    :Commands
    [EmptyJava]
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "Java SE 7u3".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7u3-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


3. Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Uncheck any optional download like Free Google Toolbar or Free McAfee® Security Scan Plus.
  • Click download to download the file and install it by following the prompts.
Adobe Download Manager FAQ | Flash Player and Reader: http://kb2.adobe.com...psid_52001.html

#13
keithiverson

    Member

  • Topic Starter
  • 10 posts
All processes killed
========== OTL ==========
C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\d02eji8c.default\searchplugins\SweetIM Search.xml moved successfully.
C:\Documents and Settings\Robin\Application Data\Bandoo folder moved successfully.
C:\Documents and Settings\Robin\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\Robin\Application Data\searchqutoolbar folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\\AntiVirusOverride deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.HOME1-20C44E28C

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Robin
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.HOME1-20C44E28C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3517359 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robin
->Temp folder emptied: 1119530 bytes
->Temporary Internet Files folder emptied: 12290411 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118508252 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3086484 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 13416 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49741 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8994 bytes

Total Files Cleaned = 132.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03082012_122022

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_434.dat not found!

Registry entries deleted on Reboot...


Do you still need the report that didn't get copied? I may still have it. I have been making copies of all reports.
Thank you for helping me with this problem. As far as running, I have not had time to really check things out, but yes, avast did load and is running again.

#14
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Everything looks good except for that one suspected file that I asked you to scan using Virscan, but you missed that part I guess, so kindly follow the instructions below, please.


Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\program files\021820122581156.bat

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#15
keithiverson

    Member

  • Topic Starter
  • 10 posts
File Name : 021820122581156.bat
File Size : 471 byte
File Type : ASCII English text, with CRLF line terminators
MD5 : 720468b141c580f8dd90fa33a3a7c918
SHA1 : d5f99e42a6cb43ae38e7f86e6e5519f13885ea88

Scanner results
Scanner results : Scanners did not find malware!
Time : 2012/03/10 12:25:28 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 5.1.0.4 | 20120310200128 | 2012-03-10 | - | 0.859
AhnLab V3 | 2012.03.11.00 | 2012.03.11 | 2012-03-11 | - | 14.757
AntiVir | 8.2.8.44 | 7.11.21.199 | 2012-01-27 | - | 0.311
Antiy | 2.0.18 | 2.0.18. | 0002-18-00 | - | 0.424
Arcavir | 2011 | 201203040306 | 2012-03-04 | - | 9.066
Authentium | 5.1.1 | 201203100102 | 2012-03-10 | - | 2.935
AVAST! | 4.7.4 | 120310-1 | 2012-03-10 | - | 0.214
AVG | 12.0.1782 | 2114/4862 | 2012-03-10 | - | 0.469
BitDefender | 7.90123.7010767 | 7.41345 | 2012-03-09 | - | 8.222
ClamAV | 0.97.3 | 14627 | 2012-03-10 | - | 0.225
Comodo | 5.1 | 11752 | 2012-03-10 | - | 3.292
CP Secure | 1.3.0.5 | 2012.03.11 | 2012-03-11 | - | 0.296
Dr.Web | 7.0.0.11250 | 2012.03.05 | 2012-03-05 | - | 25.577
F-Prot | 4.6.2.117 | 20120309 | 2012-03-09 | - | 1.769
F-Secure | 7.02.73807 | 2012.02.07.03 | 2012-02-07 | - | 1.806
Fortinet | 4.3.388 | 15.297 | 2012-03-10 | - | 0.206
GData | 22.4160 | 20120310 | 2012-03-10 | - | 9.719
Ikarus | T3.1.32.20.0 | 2012.03.10.80686 | 2012-03-10 | - | 6.510
JiangMin | 13.0.900 | 2012.03.10 | 2012-03-10 | - | 9.172
Kaspersky | 5.5.10 | 2012.03.10 | 2012-03-10 | - | 0.369
KingSoft | 2009.2.5.15 | 2012.3.10.9 | 2012-03-10 | - | 4.627
McAfee | 5400.1158 | 6644 | 2012-03-09 | - | 13.979
Microsoft | 1.8101 | 2012.03.10 | 2012-03-10 | - | 14.784
NOD32 | 3.0.21 | 6841 | 2012-01-30 | - | 0.164
nProtect | 20120310.01 | 11008085 | 2012-03-10 | - | 4.912
Panda | 9.05.01 | 2012.03.09 | 2012-03-09 | - | 4.928
Quick Heal | 11.00 | 2012.03.10 | 2012-03-10 | - | 1.808
Rising | 20.0 | 24.00.04.01 | 2012-03-09 | - | 3.693
Sophos | 3.29.0 | 4.75 | 2012-03-10 | - | 7.008
Sunbelt | 3.9.2530.2 | 11647 | 2012-03-10 | - | 5.692
Symantec | 1.3.0.24 | 20120308.002 | 2012-03-08 | - | 0.912
The Hacker | 6.7.0.1 | v00421 | 2012-03-09 | - | 1.972
Trend Micro | 9.500-1005 | 8.828.03 | 2012-03-10 | - | 0.183
VBA32 | 3.12.16.4 | 20120307.1150 | 2012-03-07 | - | 3.356
ViRobot | 20120310 | 2012.03.10 | 2012-03-10 | - | 4.413
VirusBuster | 5.4.1.9 | 14.1.256.1/8076547 | 2012-03-09 | - | 0.268
■Heuristic/Suspicious ■Exact
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.