Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Searchnu.com infection via ilivid....


  • Please log in to reply

#1
Filterzon

Filterzon

    New Member

  • Member
  • Pip
  • 6 posts
Good Morning,

I would greatly appreciate help removing searchnu.com/qbyrd.com from my computer. I can see that I got it trying to download subtitles via ilivid.com. I have enclosed my OTL log. Thank you in advance for your time and any help.


OTL logfile created on: 11/04/2012 08:15:09 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ana\Pictures\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.71% Memory free
6.21 Gb Paging File | 4.47 Gb Available in Paging File | 71.96% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.19 Gb Total Space | 3.51 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
Drive D: | 107.69 Gb Total Space | 106.77 Gb Free Space | 99.15% Space Free | Partition Type: NTFS

Computer Name: ANA-POOTER | User Name: ana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ana\Pictures\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Windows\System32\mmc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\ana\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\avcodec-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\999ef784434ec236757b4a7398763785\TaskScheduler.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\d3f65df6ca5307d1d9635503e26952c8\MMCEx.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\721eab22dc9448c3a84463ead0641e70\MIGUIControls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ffc57525fe80f9b7cda217700adaa8f5\Microsoft.ManagementConsole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\198ebc0688376cf34789828a00ccc4cc\MMCFxCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\8dfba9717d7d59584769123e286c2ba9\EventViewer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\eAudioUI.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2405725

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{1A131F3C-FADA-480D-A7D7-5A8DF3653A23}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-23 21:01:53&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=VZ2
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...ms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: [email protected]:0.19.3
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:1.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/09 21:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 16:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/09 21:20:42 | 000,000,000 | ---D | M]

[2012/04/05 14:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Extensions
[2012/04/05 14:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions
[2012/03/18 18:31:34 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/03/23 20:49:51 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions\[email protected]
[2012/04/05 14:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/27 21:35:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2012/03/17 16:39:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/12 18:01:27 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/05 13:21:37 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.goconcie...ure/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B504BB32-075A-4386-801F-BCB183D3586F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5c03a6-5acf-11e1-af6a-d1a7f15f0fb8}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5c03a6-5acf-11e1-af6a-d1a7f15f0fb8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{236de692-18db-11e0-a1ad-b73a41de2d20}\Shell - "" = AutoRun
O33 - MountPoints2\{236de692-18db-11e0-a1ad-b73a41de2d20}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{236de6c0-18db-11e0-a1ad-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{236de6c0-18db-11e0-a1ad-001e101f859f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2c89869a-8f3c-11df-a824-8ffe23579a3f}\Shell - "" = AutoRun
O33 - MountPoints2\{2c89869a-8f3c-11df-a824-8ffe23579a3f}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{341673e1-267e-11e0-b1d4-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{341673e1-267e-11e0-b1d4-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{36a17afe-cfb1-11e0-961a-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{36a17afe-cfb1-11e0-961a-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3a55de80-f4d3-11de-bec1-9fec5e48c1a5}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{3a55de80-f4d3-11de-bec1-9fec5e48c1a5}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{7284b0d6-2036-11e0-ba64-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{7284b0d6-2036-11e0-ba64-001e101f1838}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a1d7c0e1-2873-11e0-b8ac-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{a1d7c0e1-2873-11e0-b8ac-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbd63e9a-8dc1-11df-ba02-b41c02c0dc24}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cbd63ea9-8dc1-11df-ba02-b41c02c0dc24}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{ce907a90-d02c-11e0-b2d2-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ce907a90-d02c-11e0-b2d2-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\Auto\command - "" = autorun.bat
O33 - MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
O33 - MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\explore\Command - "" = autorun.bat
O33 - MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\Shell\AutoRun\command - "" = eyt.exe
O33 - MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\Shell\open\Command - "" = eyt.exe
O33 - MountPoints2\{ffa8598f-ce38-11e0-8ac1-e9a8fc9cf9a4}\Shell - "" = AutoRun
O33 - MountPoints2\{ffa8598f-ce38-11e0-8ac1-e9a8fc9cf9a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 10:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/10 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/05 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\Ilivid Player
[2012/04/05 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/03/29 08:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/27 13:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/04/11 08:12:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 08:02:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 07:43:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/11 07:43:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/11 07:36:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 07:36:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 07:36:18 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 07:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 19:05:30 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/10 18:44:24 | 094,379,315 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/10 18:43:32 | 000,410,824 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/10 10:05:41 | 000,001,061 | ---- | M] () -- C:\Users\ana\Desktop\Revo Uninstaller.lnk
[2012/04/09 11:08:45 | 000,001,356 | ---- | M] () -- C:\Users\ana\AppData\Local\d3d9caps.dat
[2012/04/08 15:22:40 | 000,002,627 | ---- | M] () -- C:\Users\ana\Desktop\Microsoft Office Word 2007.lnk
[2012/04/05 17:47:24 | 000,185,856 | ---- | M] () -- C:\Users\ana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/29 08:48:17 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 13:51:19 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/27 13:50:02 | 022,259,528 | ---- | M] () -- C:\Users\ana\Documents\vlc-2.0.1-win32.exe
[2012/03/21 19:39:57 | 000,234,186 | ---- | M] () -- C:\Users\ana\AppData\Roaming\UserTile.png
[2012/03/15 16:51:12 | 000,298,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/10 10:05:41 | 000,001,061 | ---- | C] () -- C:\Users\ana\Desktop\Revo Uninstaller.lnk
[2012/04/01 07:56:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 08:48:17 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 13:51:19 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/27 13:49:44 | 022,259,528 | ---- | C] () -- C:\Users\ana\Documents\vlc-2.0.1-win32.exe
[2012/03/22 16:20:12 | 000,002,627 | ---- | C] () -- C:\Users\ana\Desktop\Microsoft Office Word 2007.lnk
[2011/04/05 10:11:02 | 000,000,204 | ---- | C] () -- C:\Users\ana\AppData\Roaming\wklnhst.dat
[2010/08/03 18:24:51 | 000,001,356 | ---- | C] () -- C:\Users\ana\AppData\Local\d3d9caps.dat
[2010/05/09 21:20:03 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat

========== LOP Check ==========

[2009/03/20 18:39:00 | 000,000,000 | -HSD | M] -- C:\Users\ana\AppData\Roaming\.#
[2008/03/13 18:56:26 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Acer GameZone Console
[2011/10/23 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\AVG2012
[2012/04/05 18:04:48 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Azureus
[2009/03/27 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\CometNetwork
[2009/07/01 21:49:40 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\CopyTransPhoto
[2009/09/18 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\PeerNetworking
[2010/07/14 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Sony
[2011/01/05 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Telefónica
[2011/04/05 10:11:04 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Template
[2010/11/26 22:19:54 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Trusteer
[2009/07/01 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\WindSolutions
[2012/04/11 07:12:41 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560

< End of report >
  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Filterzon and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


  • 0

#3
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

Did you configured this proxy on Internet Explorer?

Do you have blinkx Toolbar installed in your computer. He isn't a malware but can monitor your browsing habits. Can I remove?

# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2405725
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" =  http://isearch.avg.c...fr&d=2011-10-23  21:01:53&v=8.0.0.34&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=VZ2
    O33 - MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\Auto\command - "" = autorun.bat
    O33 -  MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\AutoRun\command  - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL  autorun.bat
    O33 - MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\Shell\explore\Command - "" = autorun.bat
    O33 - MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\Shell\AutoRun\command - "" = eyt.exe
    O33 - MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\Shell\open\Command - "" = eyt.exe
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
    
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 2 #

Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




# Step 3 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#4
Filterzon

Filterzon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear GLeobas,

Thank you for your reply.

Here is the OTL log:

All processes killed
========== COMMANDS ==========

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dad83319-2b04-11e0-a529-001e101fe5e1}\ not found.
File autorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dad83319-2b04-11e0-a529-001e101fe5e1}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dad83319-2b04-11e0-a529-001e101fe5e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dad83319-2b04-11e0-a529-001e101fe5e1}\ not found.
File autorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\ not found.
File eyt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f55f84f2-7a53-11df-9fd8-8d9f51c78627}\ not found.
File eyt.exe not found.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ana
->Temp folder emptied: 12808128 bytes
->Temporary Internet Files folder emptied: 136870378 bytes
->Java cache emptied: 3738320 bytes
->FireFox cache emptied: 126981018 bytes
->Google Chrome cache emptied: 216329780 bytes
->Flash cache emptied: 108866 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 560465090 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6057495334 bytes

Total Files Cleaned = 6,785.00 mb


[EMPTYFLASH]

User: All Users

User: ana
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04132012_202119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


------------------------------------------------------------------


Here is the Malwarebytes log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ana :: ANA-POOTER [administrator]

14/04/2012 07:00:59
mbam-log-2012-04-14 (07-00-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373618
Time elapsed: 1 hour(s), 21 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------

And finally the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 21:30:41
-----------------------------
21:30:41.618 OS Version: Windows 6.0.6002 Service Pack 2
21:30:41.618 Number of processors: 2 586 0xF0D
21:30:41.619 ComputerName: ANA-POOTER UserName: ana
21:31:37.414 Initialize success
21:31:56.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:31:56.377 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:31:56.559 Disk 0 MBR read successfully
21:31:56.562 Disk 0 MBR scan
21:31:56.564 Disk 0 unknown MBR code
21:31:56.567 Disk 0 Partition 1 00 12 Compaq diag NTFS 10997 MB offset 63
21:31:56.716 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 113860 MB offset 22523904
21:31:56.887 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 110276 MB offset 255709184
21:31:57.409 Disk 0 Partition 4 00 12 Compaq diag NTFS 3340 MB offset 481554432
21:31:57.661 Disk 0 scanning sectors +488394752
21:31:58.508 Disk 0 scanning C:\Windows\system32\drivers
21:32:15.627 Service scanning
21:32:36.700 Modules scanning
21:32:53.023 Disk 0 trace - called modules:
21:32:53.058 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:32:53.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x888a3ac8]
21:32:53.068 3 CLASSPNP.SYS[8cda48b3] -> nt!IofCallDriver -> [0x87d28700]
21:32:53.073 5 acpi.sys[84a886bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87d2e028]
21:32:53.078 Scan finished successfully
21:33:08.038 Disk 0 MBR has been saved successfully to "C:\Users\ana\Desktop\MBR.dat"
21:33:08.043 The log file has been saved successfully to "C:\Users\ana\Desktop\aswMBR.txt"

---------------------------------------------------------

Again, I really appreciate your help.


Kind regards

Adam.
  • 0

#5
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic

  • 0

#6
Filterzon

Filterzon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear WhiteHat,

Thanks for your help too.

Here is the OTL log:

OTL logfile created on: 15/04/2012 21:33:33 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ana\Pictures\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.39% Memory free
6.20 Gb Paging File | 4.85 Gb Available in Paging File | 78.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.19 Gb Total Space | 11.54 Gb Free Space | 10.38% Space Free | Partition Type: NTFS
Drive D: | 107.69 Gb Total Space | 106.63 Gb Free Space | 99.01% Space Free | Partition Type: NTFS

Computer Name: ANA-POOTER | User Name: ana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ana\Pictures\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Users\ana\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\eAudioUI.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{1A131F3C-FADA-480D-A7D7-5A8DF3653A23}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...ms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: [email protected]:0.19.3
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:1.5
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/09 21:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 16:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/09 21:20:42 | 000,000,000 | ---D | M]

[2012/04/05 14:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Extensions
[2012/04/05 14:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions
[2012/03/18 18:31:34 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/03/23 20:49:51 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\pfy3qmtl.default\extensions\[email protected]
[2012/04/05 14:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/27 21:35:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2012/03/17 16:39:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/12 18:01:27 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/05 13:21:37 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012/04/12 08:58:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.goconcie...ure/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B504BB32-075A-4386-801F-BCB183D3586F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5c03a6-5acf-11e1-af6a-d1a7f15f0fb8}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5c03a6-5acf-11e1-af6a-d1a7f15f0fb8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{236de692-18db-11e0-a1ad-b73a41de2d20}\Shell - "" = AutoRun
O33 - MountPoints2\{236de692-18db-11e0-a1ad-b73a41de2d20}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{236de6c0-18db-11e0-a1ad-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{236de6c0-18db-11e0-a1ad-001e101f859f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2c89869a-8f3c-11df-a824-8ffe23579a3f}\Shell - "" = AutoRun
O33 - MountPoints2\{2c89869a-8f3c-11df-a824-8ffe23579a3f}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{341673e1-267e-11e0-b1d4-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{341673e1-267e-11e0-b1d4-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{36a17afe-cfb1-11e0-961a-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{36a17afe-cfb1-11e0-961a-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3a55de80-f4d3-11de-bec1-9fec5e48c1a5}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{3a55de80-f4d3-11de-bec1-9fec5e48c1a5}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{7284b0d6-2036-11e0-ba64-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{7284b0d6-2036-11e0-ba64-001e101f1838}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a1d7c0e1-2873-11e0-b8ac-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{a1d7c0e1-2873-11e0-b8ac-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbd63e9a-8dc1-11df-ba02-b41c02c0dc24}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cbd63ea9-8dc1-11df-ba02-b41c02c0dc24}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{ce907a90-d02c-11e0-b2d2-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{ce907a90-d02c-11e0-b2d2-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ffa8598f-ce38-11e0-8ac1-e9a8fc9cf9a4}\Shell - "" = AutoRun
O33 - MountPoints2\{ffa8598f-ce38-11e0-8ac1-e9a8fc9cf9a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 21:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WordPerfect Office X5
[2012/04/13 20:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/04/13 20:21:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/12 08:58:24 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/12 08:34:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 08:34:04 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 08:34:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 08:34:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 08:34:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 08:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 08:33:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 08:33:12 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 10:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/10 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/05 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\Ilivid Player
[2012/04/05 13:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/01 07:56:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/29 08:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/27 13:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/04/15 21:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 21:01:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 20:32:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 20:32:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 18:39:01 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/15 18:39:01 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/15 18:36:14 | 095,083,502 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/15 18:32:42 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 18:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 21:33:08 | 000,000,512 | ---- | M] () -- C:\Users\ana\Desktop\MBR.dat
[2012/04/14 20:12:06 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 20:12:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/14 18:12:11 | 000,411,206 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/14 07:05:37 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/14 07:00:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 08:58:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/11 19:25:20 | 000,186,880 | ---- | M] () -- C:\Users\ana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 10:05:41 | 000,001,061 | ---- | M] () -- C:\Users\ana\Desktop\Revo Uninstaller.lnk
[2012/04/09 11:08:45 | 000,001,356 | ---- | M] () -- C:\Users\ana\AppData\Local\d3d9caps.dat
[2012/04/08 15:22:40 | 000,002,627 | ---- | M] () -- C:\Users\ana\Desktop\Microsoft Office Word 2007.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/29 08:48:17 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 13:51:19 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/27 13:50:02 | 022,259,528 | ---- | M] () -- C:\Users\ana\Documents\vlc-2.0.1-win32.exe
[2012/03/21 19:39:57 | 000,234,186 | ---- | M] () -- C:\Users\ana\AppData\Roaming\UserTile.png

========== Files Created - No Company Name ==========

[2012/04/14 21:33:08 | 000,000,512 | ---- | C] () -- C:\Users\ana\Desktop\MBR.dat
[2012/04/14 07:00:02 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 10:05:41 | 000,001,061 | ---- | C] () -- C:\Users\ana\Desktop\Revo Uninstaller.lnk
[2012/04/01 07:56:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 08:48:17 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 13:51:19 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/03/27 13:49:44 | 022,259,528 | ---- | C] () -- C:\Users\ana\Documents\vlc-2.0.1-win32.exe
[2012/03/22 16:20:12 | 000,002,627 | ---- | C] () -- C:\Users\ana\Desktop\Microsoft Office Word 2007.lnk
[2011/04/05 10:11:02 | 000,000,204 | ---- | C] () -- C:\Users\ana\AppData\Roaming\wklnhst.dat
[2010/08/03 18:24:51 | 000,001,356 | ---- | C] () -- C:\Users\ana\AppData\Local\d3d9caps.dat
[2010/05/09 21:20:03 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat

< End of report >


It's like reading the Sunday papers.

Kind regards,

Adam
  • 0

#7
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2012/04/05 13:21:37 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
    O3 - HKLM\..\Toolbar: (The blinkx Toolbar) -  {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote  Toolbar\the_blinkx_toolbar.dll File not found
    
    :Files
    C:\Program Files\blinkx Remote Toolbar
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/us/online-scanner/
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#8
Filterzon

Filterzon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear WhiteHat,

Here is the OTL file:

========== OTL ==========
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Unable to fix default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6}\ deleted successfully.
========== FILES ==========
C:\Program Files\blinkx Remote Toolbar folder moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_211921


And here is the ESET file (no threats found)


# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4d89bd63ca3c08428b3cc8705df98b41
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-19 12:32:36
# local_time=2012-04-19 01:32:36 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 15381257 15381257 0 0
# compatibility_mode=5892 16776574 100 100 60342427 172313561 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=237429
# found=0
# cleaned=0
# scan_time=14723


Thank you very much.

Adam.
  • 0

#9
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe.
  • 0

#10
Filterzon

Filterzon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear WhiteHat,

Thank you for all your advice. I hate to say it but I may not of followed your instructions properly.....

When I open Firefox, Google comes up. But when I open a new tab it's http://uk.search-results.com/
  • 0

#11
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Create a new profile in Mozilla Firefox:
http://support.mozil...naging-profiles

PS: Don't delete the other profile. If you have any bookmarks, see this page to know how to export them:
http://support.mozil...rowsing-history

  • 0

#12
Filterzon

Filterzon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear WhiteHat,

You are the man (or woman)!

Thank you for your advice.

How can I thank you?

Perhaps you should start selling t-shirts with "I have been cured" printed on it.

I'd buy one.

Adam.
  • 0

#13
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay, I was travelling.

You can donate to the Geeks To Go:
http://www.geekstogo...on-information/

I'm glad to help you. :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP