Evil iexplore.exe virus - pleaseeee help! [Closed]


#1
paradigm85

Hello!

I have the iexplore.exe virus that has been eating up CPU and making it impossible to use my computer. The virus has taken over my anti-virus and malware programs (even the chameleon program) and stopped them from updating or removing threats. I have been reading posts about it for weeks to try and fix it and understand it involves using Combofix and OTC. However, I don't know how to interpret Combofix data and need a more tech-savvy person to help me. Can someone please walk me through it? I will be eternally grateful!



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:50:26 PM, on 3/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinn...ersolitaire.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1244485218250
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/...t/Ode/pcd86.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.co.../DellSystem.CAB
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinn....0/iewwload.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinn...i/mysterypi.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.syste...tel_4.5.3.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: 733a569c82ef18c6bc1643f70dcf2aca (ddeeedbadfaf) - Unknown owner - C:\WINDOWS\ddeeedbadfaf.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6853 bytes

#2
Essexboy

Hi there, I need a bit more data than HijackThis can provide.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
paradigm85

First of all THANK YOU... I have been desperate for some help. Here are the logs from OTC:

OTL logfile created on: 3/24/2012 11:50:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TLC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 76.62% Memory free
4.82 Gb Paging File | 4.25 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 121.22 Gb Free Space | 81.33% Space Free | Partition Type: NTFS

Computer Name: TLC-I5ES5Z90XFA | User Name: TLC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 23:49:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
PRC - [2012/03/09 18:26:04 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/03/09 18:26:04 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/09 18:26:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/03/09 18:26:10 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/03/09 18:22:30 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/17 15:28:56 | 000,086,696 | ---- | M] () -- C:\Program Files\blekkotb\blekkoDx.dll
MOD - [2011/12/23 08:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2008/10/24 19:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2001/10/29 01:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\ddeeedbadfaf.exe /s -- (ddeeedbadfaf)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/09 18:26:04 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TLC\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/23 23:45:43 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/12/23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/04/07 11:48:28 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/12/19 12:26:38 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/10/24 19:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2007/12/26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/01/12 18:45:46 | 000,060,544 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2005/05/31 11:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/06/17 15:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {FB15966D-9548-4919-89C3-0E5D97978C73}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{FB15966D-9548-4919-89C3-0E5D97978C73}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA ED 52 C9 1A FC CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FB15966D-9548-4919-89C3-0E5D97978C73}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000225f037a38
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{FB15966D-9548-4919-89C3-0E5D97978C73}: "URL" = http://www.google.co...1I7GFRE_enUS331
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..keyword.URL: "http://www.oovoostar...&country=US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "http://blekko.com?so...ABB72475894466"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/10/28 23:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/23 01:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/23 01:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/23 01:09:17 | 000,000,000 | ---D | M]

[2009/07/26 22:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Extensions
[2009/07/26 22:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/24 16:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions
[2012/03/24 16:07:31 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2010/12/27 11:01:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 20:53:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/26 18:42:44 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\chachaguidebar@chacha.com
[2012/03/23 21:30:32 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\crossriderapp2258@crossrider.com
[2012/03/23 00:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/23 00:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/23 01:31:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/22 20:27:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/03/07 23:37:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/26 19:13:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/24 16:07:41 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2010/10/08 23:38:31 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/31 22:45:36 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2012/01/26 19:13:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\TLC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\TLC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.14.21_0\

O1 HOSTS File: ([2012/03/24 16:25:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244485218250 (WUWebControl Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0D5B411-543C-493F-9517-5407E99BFFF3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/09 17:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 23:49:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
[2012/03/24 18:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\My Documents\Amazon MP3
[2012/03/24 17:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Sunbelt Software
[2012/03/24 16:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/24 16:12:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/24 16:12:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/24 16:12:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/24 16:11:17 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\TLC\Desktop\ComboFix.exe
[2012/03/24 16:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/24 16:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\blekkotb
[2012/03/24 16:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
[2012/03/24 00:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Start Menu\Programs\HiJackThis
[2012/03/24 00:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/23 19:34:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/23 19:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/23 01:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\PackageAware
[2012/03/23 01:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\ApplicationHistory
[2012/03/23 01:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/23 01:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA
[2012/03/23 01:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Start Menu\Programs\Dell Inc
[2012/03/23 01:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Dell
[2012/03/23 01:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/03/23 01:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/03/23 01:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/23 01:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/23 01:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\WorldWinner.com, Inc
[2012/03/23 01:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Worldwinner
[2012/03/23 01:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/23 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/23 00:25:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/22 21:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/22 20:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor
[2012/03/20 18:06:09 | 000,000,000 | ---D | C] -- C:\b410563d6ae12f2de5ae72b3d9
[2012/03/11 04:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Babylon
[2012/03/11 04:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Babylon
[2012/03/10 20:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/03/10 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/03/10 20:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\PCDr
[2012/03/10 20:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Deployment
[2012/03/09 18:22:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/03/09 18:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/03/08 02:17:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/03/08 00:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/03/07 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 22:20:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/07 02:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\AVG
[2012/03/07 02:14:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/07 02:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 22:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WorldWinner Games
[2012/03/06 21:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\ElevatedDiagnostics
[2012/03/06 21:47:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

========== Files - Modified Within 30 Days ==========

[2012/03/24 23:49:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
[2012/03/24 23:45:34 | 000,442,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/24 23:45:34 | 000,071,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/24 23:41:38 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/24 23:41:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-789336058-839522115-1003.job
[2012/03/24 23:41:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/24 23:41:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/24 23:41:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/24 23:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/24 18:33:06 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/03/24 16:25:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/24 16:11:31 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\TLC\Desktop\ComboFix.exe
[2012/03/24 15:50:19 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\HiJackThis.lnk
[2012/03/23 23:45:43 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/23 22:06:26 | 000,000,307 | RHS- | M] () -- C:\boot.ini
[2012/03/23 21:49:40 | 000,453,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/23 19:12:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/23 02:18:33 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/22 20:53:18 | 000,012,335 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\all
[2012/03/22 20:02:46 | 001,324,628 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor.zip
[2012/03/20 18:06:06 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 04:13:31 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/10 22:24:30 | 001,241,440 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\D630_A18.exe
[2012/03/10 22:24:30 | 001,228,992 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\D630_A17.EXE
[2012/03/10 22:22:47 | 000,029,063 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml
[2012/03/10 20:13:21 | 003,892,272 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\CW1337A0.exe
[2012/03/09 18:26:14 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/09 18:22:08 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/08 03:53:55 | 000,019,896 | ---- | M] () -- C:\Documents and Settings\TLC\Application Data\wklnhst.dat
[2012/03/08 01:52:28 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\TLC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/08 00:55:52 | 091,084,966 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012/03/06 19:23:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 18:40:16 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\Microsoft Word.lnk
[2012/03/05 20:43:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/05 20:43:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/03/03 06:28:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-789336058-839522115-1003.job
[2012/03/02 18:29:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2012/03/24 16:12:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/24 16:12:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/24 16:12:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/24 16:12:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/24 16:12:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/24 00:51:22 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\HiJackThis.lnk
[2012/03/23 22:17:23 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/23 19:34:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/23 19:34:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/22 20:53:18 | 000,012,335 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\all
[2012/03/22 20:02:25 | 001,324,628 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor.zip
[2012/03/11 04:13:31 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/10 22:24:23 | 001,228,992 | ---- | C] () -- C:\Documents and Settings\TLC\My Documents\D630_A17.EXE
[2012/03/10 22:24:22 | 001,241,440 | ---- | C] () -- C:\Documents and Settings\TLC\My Documents\D630_A18.exe
[2012/03/10 22:22:40 | 000,029,063 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml
[2012/03/10 20:13:00 | 003,892,272 | ---- | C] () -- C:\Documents and Settings\TLC\My Documents\CW1337A0.exe
[2012/03/10 16:44:49 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/09 18:22:14 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/09 18:22:08 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/08 04:10:40 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012/03/08 01:51:53 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/08 01:51:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\TLC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 19:07:06 | 091,084,966 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012/03/02 18:29:10 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/02 18:29:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/14 19:31:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/17 04:52:07 | 000,513,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 20:17:31 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/06/09 19:33:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 19:33:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/11 20:55:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 20:32:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/12 00:57:32 | 000,096,684 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/28 18:49:41 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgdoc2.dll
[2010/03/28 18:48:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/03/28 18:48:16 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini

========== LOP Check ==========

[2011/09/23 17:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/06/11 15:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2012/03/23 01:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/12/16 21:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/22 16:45:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/18 02:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/08/22 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/03/23 00:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/13 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/03/10 20:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/02 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/20 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/03/24 18:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/27 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/15 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/23 00:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2009/06/11 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/19 18:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Amazon
[2011/06/11 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Avery
[2012/03/07 02:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\AVG
[2012/03/11 04:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Babylon
[2012/03/24 20:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\blekkotb
[2012/03/06 21:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\ElevatedDiagnostics
[2012/03/23 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\eMusic
[2009/09/25 21:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\GetRightToGo
[2009/09/14 18:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Inspiration Software
[2009/11/30 01:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Multi File Downloader
[2011/06/13 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Nitro PDF
[2012/02/14 00:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\ooVoo Details
[2011/06/13 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\OpenCandy
[2010/02/20 21:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\OpenOffice.org
[2012/03/10 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PCDr
[2009/09/02 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PlayFirst
[2011/06/13 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PrimoPDF
[2009/09/25 20:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Scribus
[2009/06/30 18:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Template
[2010/02/20 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\WeatherBug
[2012/03/23 01:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Worldwinner
[2012/03/24 23:41:38 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/06/08 15:58:37 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
[2003/07/16 12:22:20 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2003/07/16 12:41:09 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
[2011/05/16 21:25:55 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/05/16 21:25:55 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2011/05/16 21:25:55 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/07/16 12:43:14 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
[2003/07/16 12:45:16 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: TLC-I5ES5Z90XFA
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B
Volume 1     C                NTFS   Partition    149 GB  Healthy    System

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Progress Review:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Misc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Institute:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\FirstClass:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 3/24/2012 11:50:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TLC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 76.62% Memory free
4.82 Gb Paging File | 4.25 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 121.22 Gb Free Space | 81.33% Space Free | Partition Type: NTFS

Computer Name: TLC-I5ES5Z90XFA | User Name: TLC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37676:TCP" = 37676:TCP:*:Disabled:ooVoo TCP port 37676
"37676:UDP" = 37676:UDP:*:Disabled:ooVoo UDP port 37676
"37677:UDP" = 37677:UDP:*:Disabled:ooVoo UDP port 37677

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4526249-944F-4108-B686-A435B4A62BA5}" = TI_Inst
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA5BA1B6-38D7-4A8F-B623-8A587AF1D34F}" = Mobile Broadband Generic Drivers
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"blekkotb" = Spam Free Search Bar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Support Center" = Dell Support Center
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InstallShield_{A4526249-944F-4108-B686-A435B4A62BA5}" = Texas Instruments PCIxx21/x515 drivers.
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 9:13:10 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:13:14 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:16:29 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:32:55 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:33:21 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:36:18 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:36:39 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 9:44:25 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 11:45:27 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2012 11:45:47 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/23/2012 11:31:37 PM | Computer Name = TLC-I5ES5Z90XFA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/23/2012 11:36:09 PM | Computer Name = TLC-I5ES5Z90XFA | Source = SCardSvr | ID = 602
Description = WDM Reader driver initialization cannot open reader device: The system
cannot find the path specified.

Error - 3/23/2012 11:36:23 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/23/2012 11:37:10 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 3/24/2012 4:14:54 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/24/2012 6:31:37 PM | Computer Name = TLC-I5ES5Z90XFA | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 3/24/2012 6:33:58 PM | Computer Name = TLC-I5ES5Z90XFA | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 3/24/2012 11:41:29 PM | Computer Name = TLC-I5ES5Z90XFA | Source = SCardSvr | ID = 602
Description = WDM Reader driver initialization cannot open reader device: The system
cannot find the path specified.

Error - 3/24/2012 11:41:37 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/24/2012 11:41:37 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

[ Windows PowerShel Events ]
Error - 3/23/2012 9:13:10 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:13:14 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:16:29 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:32:55 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:33:21 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:36:18 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:36:39 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 9:44:25 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 11:45:27 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =

Error - 3/23/2012 11:45:47 PM | Computer Name = TLC-I5ES5Z90XFA | Source = Application Hang | ID = 1002
Description =


< End of report >

#4
paradigm85

    New Member

  • 5 posts
Here is the MBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 23:58:54
-----------------------------
23:58:54.531 OS Version: Windows 5.1.2600 Service Pack 3
23:58:54.531 Number of processors: 2 586 0xF0B
23:58:54.531 ComputerName: TLC-I5ES5Z90XFA UserName: TLC
23:58:55.718 Initialize success
00:03:13.171 AVAST engine defs: 12032401
00:03:19.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:03:19.703 Disk 0 Vendor: ST9160414ASG DEC6 Size: 152627MB BusType: 3
00:03:19.734 Disk 0 MBR read successfully
00:03:19.734 Disk 0 MBR scan
00:03:19.734 Disk 0 Windows XP default MBR code
00:03:19.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
00:03:19.734 Disk 0 scanning sectors +312576705
00:03:19.796 Disk 0 scanning C:\WINDOWS\system32\drivers
00:03:32.843 Service scanning
00:03:47.625 Modules scanning
00:03:51.843 Disk 0 trace - called modules:
00:03:51.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
00:03:51.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4c1ab8]
00:03:51.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b45dd98]
00:03:52.453 AVAST engine scan C:\WINDOWS
00:03:59.140 AVAST engine scan C:\WINDOWS\system32
00:06:03.078 AVAST engine scan C:\WINDOWS\system32\drivers
00:06:18.343 AVAST engine scan C:\Documents and Settings\TLC
00:06:33.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TLC\Desktop\MBR.dat"
00:06:34.000 The log file has been saved successfully to "C:\Documents and Settings\TLC\Desktop\aswMBR.txt"
00:07:21.093 File: C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA\bin\1.0.5.0\appkikxSAHook.dll **INFECTED** Win32:Adware-gen [Adw]
00:12:03.812 AVAST engine scan C:\Documents and Settings\All Users
00:18:33.562 Scan finished successfully
00:25:10.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TLC\Desktop\MBR.dat"
00:25:10.500 The log file has been saved successfully to "C:\Documents and Settings\TLC\Desktop\aswMBR.txt"

#5
Essexboy

    GeekU Moderator

  • 63,841 posts
Hi there, let's see if we can kill it in one. On completion of this, can you let me know how the computer is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\ddeeedbadfaf.exe /s -- (ddeeedbadfaf)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000225f037a38
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    FF - prefs.js..browser.startup.homepage: "http://blekko.com?so...ABB72475894466"
    FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/10/28 23:44:21 | 000,000,000 | ---D | M]
    [2012/03/24 16:07:31 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
    [2012/03/24 16:07:41 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
    O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
    O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
    O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
    [2012/03/24 16:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\blekkotb
    [2012/03/24 16:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
    [2012/03/23 01:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/03/23 01:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\WorldWinner.com, Inc
    [2012/03/23 01:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Worldwinner
    [2012/03/11 04:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Babylon
    [2012/03/11 04:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Babylon
    [2012/03/08 00:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
    [2012/03/10 22:24:30 | 001,241,440 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\D630_A18.exe
    [2012/03/10 22:24:30 | 001,228,992 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\D630_A17.EXE
    [2012/03/10 20:13:21 | 003,892,272 | ---- | M] () -- C:\Documents and Settings\TLC\My Documents\CW1337A0.exe
    [2012/03/23 01:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/03/24 18:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
    [2010/09/27 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/15 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2012/03/23 00:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2009/06/11 18:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/03/11 04:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Babylon
    [2012/03/24 20:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\blekkotb
    [2012/03/23 01:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Worldwinner
    [2012/03/23 01:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\ddeeedbadfaf.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#6
paradigm85

    New Member

  • 5 posts
I am not sure if you wanted the log that came up right away after the reboot too or just the quick scan log. I posted both.


Here is the one that popped up:


All processes killed
========== OTL ==========
Service ddeeedbadfaf stopped successfully!
Service ddeeedbadfaf deleted successfully!
File C:\WINDOWS\ddeeedbadfaf.exe /s not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "Blekko" removed from browser.search.selectedEngine
Prefs.js: "http://blekko.com?so...ABB72475894466" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25\ deleted successfully.
C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} not found.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\wizard\ADA folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\wizard folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\components folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\data\search folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\data folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Grooveshark folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\css folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\newtab\images folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\newtab folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\ADA folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
C:\Program Files\blekkotb\auxi\blekkoAu.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
C:\Program Files\blekkotb\blekkoDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26c9e18c-3717-4be1-a225-04e4471f5b6e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ not found.
File C:\Program Files\blekkotb\blekkoDx.dll not found.
Starting removal of ActiveX control {8F6E7FB2-E56B-4F66-A4E1-9765D2565280}
C:\WINDOWS\Downloaded Program Files\iewwload.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8F6E7FB2-E56B-4F66-A4E1-9765D2565280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6E7FB2-E56B-4F66-A4E1-9765D2565280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8F6E7FB2-E56B-4F66-A4E1-9765D2565280}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6E7FB2-E56B-4F66-A4E1-9765D2565280}\ not found.
Starting removal of ActiveX control {C82BB209-F528-46F9-96D5-69DEF7260916}
C:\WINDOWS\Downloaded Program Files\mysterypi.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C82BB209-F528-46F9-96D5-69DEF7260916}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C82BB209-F528-46F9-96D5-69DEF7260916}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C82BB209-F528-46F9-96D5-69DEF7260916}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C82BB209-F528-46F9-96D5-69DEF7260916}\ not found.
C:\Documents and Settings\TLC\Application Data\blekkotb\widgets_cache folder moved successfully.
C:\Documents and Settings\TLC\Application Data\blekkotb\weather folder moved successfully.
C:\Documents and Settings\TLC\Application Data\blekkotb\search folder moved successfully.
C:\Documents and Settings\TLC\Application Data\blekkotb\messages folder moved successfully.
C:\Documents and Settings\TLC\Application Data\blekkotb\coupons folder moved successfully.
C:\Documents and Settings\TLC\Application Data\blekkotb folder moved successfully.
C:\Program Files\blekkotb\components folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\options folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\blekkotb\chrome\skin\lib folder moved successfully.
C:\Program Files\blekkotb\chrome\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\data\search folder moved successfully.
C:\Program Files\blekkotb\chrome\data folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap folder moved successfully.
C:\Program Files\blekkotb\chrome\content\widgets folder moved successfully.
C:\Program Files\blekkotb\chrome\content\newtab\images folder moved successfully.
C:\Program Files\blekkotb\chrome\content\newtab folder moved successfully.
C:\Program Files\blekkotb\chrome\content\modules folder moved successfully.
C:\Program Files\blekkotb\chrome\content\lib folder moved successfully.
C:\Program Files\blekkotb\chrome\content folder moved successfully.
C:\Program Files\blekkotb\chrome folder moved successfully.
C:\Program Files\blekkotb\auxi folder moved successfully.
C:\Program Files\blekkotb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Program Files\WorldWinner.com, Inc\WorldWinner Games folder moved successfully.
C:\Program Files\WorldWinner.com, Inc folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Worldwinner folder moved successfully.
C:\Documents and Settings\TLC\Local Settings\Application Data\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Documents and Settings\TLC\Local Settings\Application Data\Babylon\Setup folder moved successfully.
C:\Documents and Settings\TLC\Local Settings\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\TLC\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\zengems folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\shared folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\luxor folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\chuzzle\Textures\Backdrops folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\chuzzle\Textures folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\chuzzle\Sounds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\chuzzle\Fonts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\chuzzle folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\bookworm\sounds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\bookworm\images folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\bookworm\fonts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner\bookworm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WorldWinner folder moved successfully.
C:\Documents and Settings\TLC\My Documents\D630_A18.exe moved successfully.
C:\Documents and Settings\TLC\My Documents\D630_A17.EXE moved successfully.
C:\Documents and Settings\TLC\My Documents\CW1337A0.exe moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\All Users\Application Data\WorldWinner\ not found.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
Folder C:\Documents and Settings\TLC\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\TLC\Application Data\blekkotb\ not found.
Folder C:\Documents and Settings\TLC\Application Data\Worldwinner\ not found.
C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA\bin\1.0.5.0 folder moved successfully.
C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA\bin folder moved successfully.
C:\Documents and Settings\TLC\Local Settings\Application Data\AppKikxSA folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\TLC\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\TLC\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\ddeeedbadfaf.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TLC
->Temp folder emptied: 53358546 bytes
->Temporary Internet Files folder emptied: 49747068 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6821736 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2312 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 573 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 03262012_172923

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OK, here is the quick scan log:

OTL logfile created on: 3/26/2012 5:34:46 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TLC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 83.18% Memory free
4.82 Gb Paging File | 4.48 Gb Available in Paging File | 92.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 121.16 Gb Free Space | 81.29% Space Free | Partition Type: NTFS

Computer Name: TLC-I5ES5Z90XFA | User Name: TLC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 23:49:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
PRC - [2012/03/09 18:26:04 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/03/09 18:26:04 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/09 18:26:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/03/09 18:26:10 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/03/09 18:22:30 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/23 08:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2008/10/24 19:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2001/10/29 01:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/09 18:26:04 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TLC\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/23 23:45:43 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/12/23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/04/07 11:48:28 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/02/23 17:43:44 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/12/19 12:26:38 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/10/24 19:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2007/12/26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/01/12 18:45:46 | 000,060,544 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2005/05/31 11:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/06/17 15:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {FB15966D-9548-4919-89C3-0E5D97978C73}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{FB15966D-9548-4919-89C3-0E5D97978C73}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA ED 52 C9 1A FC CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FB15966D-9548-4919-89C3-0E5D97978C73}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FB15966D-9548-4919-89C3-0E5D97978C73}: "URL" = http://www.google.co...1I7GFRE_enUS331
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..keyword.URL: "http://www.oovoostar...&country=US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/10/28 23:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/23 01:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/23 01:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/23 01:09:17 | 000,000,000 | ---D | M]

[2009/07/26 22:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Extensions
[2009/07/26 22:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/24 16:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions
[2010/12/27 11:01:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 20:53:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/26 18:42:44 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\chachaguidebar@chacha.com
[2012/03/23 21:30:32 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\TLC\Application Data\Mozilla\Firefox\Profiles\kxbcpn2k.default\extensions\crossriderapp2258@crossrider.com
[2012/03/23 00:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/23 00:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/23 01:31:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/22 20:27:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/03/07 23:37:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/26 19:13:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/10/08 23:38:31 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/31 22:45:36 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2012/01/26 19:13:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\TLC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\TLC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.14.21_0\

O1 HOSTS File: ([2012/03/26 17:29:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244485218250 (WUWebControl Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0D5B411-543C-493F-9517-5407E99BFFF3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/09 17:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 17:29:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/26 17:24:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/24 23:58:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\TLC\Desktop\aswMBR.exe
[2012/03/24 23:49:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
[2012/03/24 18:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\My Documents\Amazon MP3
[2012/03/24 17:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Sunbelt Software
[2012/03/24 16:12:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/24 16:12:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/24 16:12:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/24 16:12:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/24 16:11:17 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\TLC\Desktop\ComboFix.exe
[2012/03/24 16:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/24 00:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Start Menu\Programs\HiJackThis
[2012/03/24 00:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/23 19:34:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/23 19:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/23 01:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\PackageAware
[2012/03/23 01:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\ApplicationHistory
[2012/03/23 01:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Start Menu\Programs\Dell Inc
[2012/03/23 01:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\Dell
[2012/03/23 01:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/03/23 01:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/03/23 01:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/23 01:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/03/23 01:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/23 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/23 00:25:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/22 20:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor
[2012/03/20 18:06:09 | 000,000,000 | ---D | C] -- C:\b410563d6ae12f2de5ae72b3d9
[2012/03/10 20:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/03/10 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/03/10 20:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\PCDr
[2012/03/10 20:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Local Settings\Application Data\Deployment
[2012/03/09 18:22:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/03/09 18:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/03/08 02:17:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/03/07 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 22:20:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/07 02:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\AVG
[2012/03/07 02:14:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/07 02:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 22:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WorldWinner Games
[2012/03/06 21:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TLC\Application Data\ElevatedDiagnostics
[2012/03/06 21:47:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

========== Files - Modified Within 30 Days ==========

[2012/03/26 17:35:35 | 000,442,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/26 17:35:35 | 000,071,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/26 17:32:25 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-789336058-839522115-1003.job
[2012/03/26 17:32:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/26 17:32:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 17:31:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/26 17:31:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 17:29:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/26 17:23:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/26 17:23:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/03/26 17:17:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 00:25:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\MBR.dat
[2012/03/24 23:58:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\TLC\Desktop\aswMBR.exe
[2012/03/24 23:49:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TLC\Desktop\OTL.exe
[2012/03/24 18:33:06 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/03/24 16:11:31 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\TLC\Desktop\ComboFix.exe
[2012/03/24 15:50:19 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\HiJackThis.lnk
[2012/03/23 23:45:43 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/23 22:06:26 | 000,000,307 | RHS- | M] () -- C:\boot.ini
[2012/03/23 21:49:40 | 000,453,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/23 19:12:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/23 02:18:33 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/22 20:53:18 | 000,012,335 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\all
[2012/03/22 20:02:46 | 001,324,628 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor.zip
[2012/03/20 18:06:06 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 04:13:31 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/10 22:22:47 | 000,029,063 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml
[2012/03/09 18:26:14 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/09 18:22:08 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/08 03:53:55 | 000,019,896 | ---- | M] () -- C:\Documents and Settings\TLC\Application Data\wklnhst.dat
[2012/03/08 01:52:28 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\TLC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/08 00:55:52 | 091,084,966 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012/03/06 19:23:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 18:40:16 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\TLC\Desktop\Microsoft Word.lnk
[2012/03/03 06:28:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-789336058-839522115-1003.job
[2012/03/02 18:29:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2012/03/25 00:06:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\MBR.dat
[2012/03/24 16:12:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/24 16:12:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/24 16:12:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/24 16:12:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/24 16:12:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/24 00:51:22 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\HiJackThis.lnk
[2012/03/23 22:17:23 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/23 19:34:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/23 19:34:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/22 20:53:18 | 000,012,335 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\all
[2012/03/22 20:02:25 | 001,324,628 | ---- | C] () -- C:\Documents and Settings\TLC\Desktop\ProcessMonitor.zip
[2012/03/11 04:13:31 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/10 22:22:40 | 000,029,063 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml
[2012/03/10 16:44:49 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/03/09 18:22:14 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/09 18:22:08 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/03/08 04:10:40 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012/03/08 01:51:53 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/08 01:51:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\TLC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 19:07:06 | 091,084,966 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012/03/02 18:29:10 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/02 18:29:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/14 19:31:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/17 04:52:07 | 000,513,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/13 20:17:31 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/06/09 19:33:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 19:33:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/11 20:55:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 20:32:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/12 00:57:32 | 000,096,684 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/28 18:49:41 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgdoc2.dll
[2010/03/28 18:48:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/03/28 18:48:16 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini

========== LOP Check ==========

[2011/09/23 17:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/06/11 15:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/12/16 21:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/22 16:45:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/18 02:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/08/22 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/03/23 00:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/13 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/03/10 20:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/09/02 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/20 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/09/19 18:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Amazon
[2011/06/11 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Avery
[2012/03/07 02:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\AVG
[2012/03/06 21:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\ElevatedDiagnostics
[2012/03/23 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\eMusic
[2009/09/25 21:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\GetRightToGo
[2009/09/14 18:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Inspiration Software
[2009/11/30 01:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Multi File Downloader
[2011/06/13 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Nitro PDF
[2012/02/14 00:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\ooVoo Details
[2011/06/13 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\OpenCandy
[2010/02/20 21:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\OpenOffice.org
[2012/03/10 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PCDr
[2009/09/02 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PlayFirst
[2011/06/13 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\PrimoPDF
[2009/09/25 20:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Scribus
[2009/06/30 18:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\Template
[2010/02/20 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TLC\Application Data\WeatherBug
[2012/03/26 17:31:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Progress Review:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Misc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Level 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\Institute:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TLC\My Documents\FirstClass:Roxio EMC Stream

< End of report >

#7
Essexboy


  • GeekU Moderator
  • 63,841 posts
How is the computer behaving now? What problems remain?

#8
paradigm85


  • Member
  • 5 posts
First of all, thank you for your help. This virus has been awful to deal with. Anyways, at some point the iexplore.exe virus stopped eating up all of my CPU. However, multiple iexplore.exe processes are still in my task manager. And while they are not taking up excessive CPU (only up to 5% or so) the mem usage is still really high - one process at the moment is at 56,000 k and the other is at 126,000 k. Is the virus gone or is there something else I need to do?

#9
Essexboy


  • GeekU Moderator
  • 63,841 posts
As you have IE8 there will generally be two Iexplore processes running.

The memory usage is not looking that bad - according to OTL for the last log you had 80% free. But I always feel that unused RAM is wasted :lol:

What are the high memory processes?

#10
Essexboy


  • GeekU Moderator
  • 63,841 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.