Home page keeps changing, firewall turned off [Closed] [Solved]



#1
edhalfdead

  • Member
  • 89 posts
For the last couple of days my roommate's computer started changing her home page from igoogle.com to su...something. She doesn't remember. Today it started running real slow online and then it froze. Then the security center popped up saying that the firewall was turned off. She tried to start it again but cannot. She also told me that Microsoft update is no longer working.
I downloaded OTL on a thumb drive and had her run it. Here is the OTL log:


OTL logfile created on: 4/23/2012 3:54:36 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = F:\Documents and Settings\Bubbles2000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.86% Memory free
3.84 Gb Paging File | 2.67 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6.36 Gb Total Space | 1.37 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1312.35 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 61.93 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive F: | 68.11 Gb Total Space | 5.88 Gb Free Space | 8.64% Space Free | Partition Type: NTFS
Drive H: | 7.98 Gb Total Space | 7.98 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: GARGOYLE2 | User Name: Bubbles2000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 03:31:42 | 000,594,944 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
PRC - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/12 05:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- F:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/03/07 11:30:14 | 006,426,672 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/05 15:10:32 | 003,530,752 | ---- | M] () -- C:\ManageEngine\EventLog\mysql\bin\mysqld-nt.exe
PRC - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) -- C:\ManageEngine\EventLog\bin\wrapper.exe
PRC - [2012/03/05 15:10:32 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\ManageEngine\EventLog\jre\bin\java.exe
PRC - [2012/03/03 21:42:56 | 016,575,824 | ---- | M] (Comfort Software Group) -- F:\Program Files\HotAlarmClock\HotAlarmClock.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/11/26 00:54:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/11/24 00:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/09/26 19:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- F:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
PRC - [2011/04/03 02:30:39 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- F:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/11/10 15:41:14 | 000,036,864 | ---- | M] (MAXA Research Int'l Inc.) -- F:\Program Files\MAXA Security Tools\Lock\tray.exe
PRC - [2009/09/24 18:41:40 | 000,933,888 | ---- | M] (Silicon Motion) -- F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
PRC - [2008/07/21 12:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/22 09:52:18 | 001,770,496 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\12042201\algo.dll
MOD - [2012/04/20 16:31:48 | 000,572,128 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\12042201\Sf.bin
MOD - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/07 11:30:07 | 000,213,552 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\Setup\setiface.dll
MOD - [2012/03/05 15:10:32 | 003,530,752 | ---- | M] () -- C:\ManageEngine\EventLog\mysql\bin\mysqld-nt.exe
MOD - [2012/03/05 15:10:32 | 000,045,138 | ---- | M] () -- C:\ManageEngine\EventLog\lib\native\AdventnetOper.dll
MOD - [2012/01/09 06:04:52 | 000,998,400 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/09 06:02:30 | 000,971,264 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/09 04:08:34 | 005,450,752 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/09 04:08:27 | 012,430,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/09 04:08:13 | 001,587,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/09 04:06:48 | 007,950,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/09 04:06:37 | 011,490,816 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/11/24 00:05:40 | 000,921,600 | ---- | M] () -- F:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/11/24 00:05:26 | 000,078,336 | ---- | M] () -- F:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- F:\WINDOWS\system32\quartz.dll
MOD - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
MOD - [2011/04/23 20:02:19 | 000,020,480 | ---- | M] () -- F:\Program Files\Nwmao\a.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- F:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- F:\WINDOWS\system32\devenum.dll
MOD - [2005/04/15 14:18:30 | 000,483,328 | ---- | M] () -- F:\WINDOWS\system32\lxcglmpm.dll
MOD - [2005/03/13 11:32:14 | 000,061,440 | ---- | M] () -- F:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ql12nses)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () [Auto | Running] -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\ManageEngine\EventLog\bin\wrapper.exe -- (eventloganalyzer)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/04/15 14:15:30 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- F:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys -- (VDSDK)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- F:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/05 15:10:32 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/02 18:17:50 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2010/09/14 05:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 05:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- F:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magen...&loc=search_box

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://igoogle.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0FFD0622-4D96-4E1A-AF5A-8F060666C048}: "URL" = http://flvtubesearch...6ea0125f17907aa
IE - HKCU\..\SearchScopes\{909D53DD-ED5F-405B-879E-5F5CD26B7C05}: "URL" = http://www.google.co...Terms}&aq=f&oq=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{C71BC1A6-2DA3-494F-B350-DCA7E3B1066C}: "URL" = http://www.facebook....q={searchTerms}
IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magen...&loc=search_box
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
IE - HKCU\..\SearchScopes\{DA86AD01-5D44-4210-AB05-4B50023433F4}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_121.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: F:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: F:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 00:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/07 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/21 21:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/28 16:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/21 21:08:16 | 000,000,000 | ---D | M]

[2012/03/22 05:06:05 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Extensions
[2012/04/22 17:32:37 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions
[2012/03/14 10:18:04 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/07/18 00:26:50 | 000,000,000 | ---D | M] (Flashblock) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/01/25 16:58:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 04:00:12 | 000,000,000 | ---D | M] (NoScript) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012/03/22 05:05:56 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/11/11 02:15:52 | 000,000,000 | ---D | M] (gTranslate) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012/04/03 15:16:01 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/29 20:24:56 | 000,000,000 | ---D | M] (Answers) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/07/07 20:45:06 | 000,000,000 | ---D | M] (Web2PDF converter) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2012/04/14 01:55:19 | 000,000,000 | ---D | M] (Ant Video Downloader) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/02/05 10:01:31 | 000,000,000 | ---D | M] (Ask Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/04/21 00:37:17 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2011/11/27 07:03:10 | 000,001,945 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\bing-zugo.xml
[2010/12/04 11:37:46 | 000,004,925 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\deeperweb.xml
[2010/10/17 01:46:49 | 000,002,027 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\google-translate-any--en.xml
[2010/06/02 20:35:18 | 000,002,139 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\MyStart Search.xml
[2012/03/22 05:05:40 | 000,002,519 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\Search_Results.xml
[2012/03/21 21:15:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
() (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\[email protected]
[2012/03/07 11:31:20 | 000,000,000 | ---D | M] (avast! WebRep) -- F:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - F:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - F:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - F:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - F:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ApnUpdater] F:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] F:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MAXA-LockTray] F:\Program Files\MAXA Security Tools\Lock\tray.exe (MAXA Research Int'l Inc.)
O4 - HKLM..\Run: [Odsspo] F:\Program Files\Nwmao\Rlkkhgs.exe ()
O4 - HKLM..\Run: [StartNowToolbarHelper] "F:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VRS] "F:\Program Files\NCH Software\VRS\vrs.exe" -logon File not found
O4 - HKCU..\Run: [HotAlarmClock] F:\Program Files\HotAlarmClock\HotAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] F:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\STIMON.lnk = F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\CNET TechTracker.lnk = F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\Dropbox.lnk = F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: F:\Documents and Settings\Bubbles2000\Desktop\Colorado\Colorado = Colorado [2012/03/22 06:32:52 | 000,000,000 | ---D | M]
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91EA0E0-F8AD-4018-AE7C-BD0430F21082}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (F:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - F:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (F:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - F:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 02:20:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/27 00:03:47 | 000,027,568 | ---- | M] () - E:\autopay_DPA.pdf -- [ NTFS ]
O33 - MountPoints2\{1141289c-bad5-11df-a03b-001d097dc74a}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 03:53:02 | 000,594,944 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/04/21 11:43:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\me
[2012/04/21 11:42:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\dogstw
[2012/04/19 05:18:14 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Suite.aspx_files
[2012/04/13 04:17:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Bank info
[2012/04/08 12:40:45 | 000,343,040 | ---- | C] (Microsoft Corporation) -- F:\Documents and Settings\Bubbles2000\Desktop\mspaint.exe
[2012/04/03 15:39:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Ilivid Player
[2012/04/01 12:45:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\AppData
[2012/04/01 12:45:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Application Data\searchquband
[2012/04/01 12:33:07 | 000,000,000 | ---D | C] -- F:\Program Files\Multi Webcam Video Recorder
[2012/04/01 12:33:07 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Multi Webcam Video Recorder
[2012/04/01 12:32:42 | 000,911,944 | ---- | C] (DGTSoft Inc. ) -- F:\Program Files\multi-webcam-video-recorder_setup.exe
[2012/03/29 19:51:41 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\NCH Software
[2012/03/25 04:41:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\1_files

========== Files - Modified Within 30 Days ==========

[2012/04/23 04:01:00 | 000,000,246 | ---- | M] () -- F:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/04/23 03:48:00 | 000,000,290 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/04/23 03:47:50 | 000,000,892 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/23 03:47:48 | 000,000,294 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/04/23 03:47:09 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/04/23 03:31:42 | 000,594,944 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/04/23 00:32:00 | 000,000,896 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/23 00:18:00 | 000,001,002 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004UA.job
[2012/04/23 00:05:00 | 000,000,830 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/22 19:18:00 | 000,000,950 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004Core1cc209613fe80f2.job
[2012/04/22 04:13:00 | 000,000,302 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/04/20 20:22:02 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 14:56:23 | 000,232,448 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/19 18:47:16 | 004,107,024 | ---- | M] (PC Cleaners) -- F:\WINDOWS\uninst.exe
[2012/04/19 03:15:37 | 000,000,298 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/04/15 14:48:28 | 000,030,094 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead4.JPG
[2012/04/15 14:35:45 | 000,045,509 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead.jpg
[2012/04/15 14:33:53 | 000,045,481 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead 2.JPG
[2012/04/15 14:29:51 | 000,041,349 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\wow4.JPG
[2012/04/15 04:13:38 | 000,315,187 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\wow.jpg
[2012/04/13 18:20:29 | 000,002,339 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Google Chrome.lnk
[2012/04/13 18:20:29 | 000,002,317 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/12 10:28:00 | 000,000,280 | ---- | M] () -- F:\WINDOWS\tasks\debutShakeIcon.job
[2012/04/11 22:56:56 | 000,000,793 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 15:31:12 | 000,122,015 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\shipping ok.jpg
[2012/04/02 19:25:11 | 000,004,982 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\wklnhst.dat
[2012/04/01 12:33:08 | 000,000,812 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Multi Webcam Video Recorder.lnk
[2012/04/01 12:32:43 | 000,911,944 | ---- | M] (DGTSoft Inc. ) -- F:\Program Files\multi-webcam-video-recorder_setup.exe
[2012/03/25 05:44:37 | 000,002,258 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\A note to Peter2.rtf
[2012/03/25 04:41:35 | 000,305,771 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\1.htm

========== Files Created - No Company Name ==========

[2012/04/20 00:26:25 | 000,014,600 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\SniffPass.chm
[2012/04/15 14:48:28 | 000,030,094 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead4.JPG
[2012/04/15 14:33:38 | 000,045,481 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead 2.JPG
[2012/04/15 14:29:51 | 000,041,349 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\wow4.JPG
[2012/04/15 09:32:51 | 000,045,509 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\redhead.jpg
[2012/04/15 04:13:37 | 000,315,187 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\wow.jpg
[2012/04/04 15:31:00 | 000,122,015 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\shipping ok.jpg
[2012/04/01 12:33:08 | 000,000,812 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Multi Webcam Video Recorder.lnk
[2012/03/25 05:44:37 | 000,002,258 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\A note to Peter2.rtf
[2012/03/25 04:41:34 | 000,305,771 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\1.htm
[2012/03/19 11:29:26 | 000,038,187 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\KeyBlaze.dmp
[2012/03/02 22:59:54 | 000,108,032 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2012/02/20 21:46:15 | 000,000,043 | ---- | C] () -- F:\WINDOWS\gswin32.ini
[2011/11/26 23:18:56 | 002,062,304 | ---- | C] () -- F:\Program Files\installspeedfan443.exe
[2011/10/31 18:16:38 | 015,854,592 | ---- | C] () -- F:\Program Files\Setup.msi
[2011/10/28 17:22:15 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\treeskp.sys
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\sbacknt.bin
[2010/11/29 16:53:55 | 000,000,037 | ---- | C] () -- F:\WINDOWS\Viewer.ini
[2010/09/02 00:33:54 | 000,015,360 | ---- | C] () -- F:\WINDOWS\System32\bdmjpeg.dll
[2010/09/02 00:32:52 | 000,058,368 | ---- | C] () -- F:\WINDOWS\System32\bdmpegv.dll
[2010/08/25 06:28:07 | 000,000,031 | ---- | C] () -- F:\WINDOWS\System32\wocsodsini.dll
[2010/08/25 06:27:47 | 000,000,530 | ---- | C] () -- F:\WINDOWS\System32\tx14_ic.ini
[2010/08/25 06:09:41 | 001,774,720 | ---- | C] () -- F:\WINDOWS\System32\BootMan.exe
[2010/08/25 06:09:41 | 000,086,408 | ---- | C] () -- F:\WINDOWS\System32\setupempdrv03.exe
[2010/08/25 06:09:41 | 000,014,848 | ---- | C] () -- F:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/25 06:09:41 | 000,013,192 | ---- | C] () -- F:\WINDOWS\System32\epmntdrv.sys
[2010/08/25 06:09:41 | 000,008,456 | ---- | C] () -- F:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/23 22:17:42 | 000,000,132 | -H-- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\lakerda1967.sys
[2010/07/23 22:13:46 | 000,010,584 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\docXConverter (3).ini
[2010/06/28 06:32:59 | 000,000,025 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2010/06/18 01:14:54 | 000,024,575 | ---- | C] () -- F:\WINDOWS\System32\Mpwinapppiobas69.dat
[2010/06/17 14:07:29 | 000,112,156 | ---- | C] () -- F:\WINDOWS\System32\winobj92.dat
[2010/06/15 07:29:22 | 000,000,552 | ---- | C] () -- F:\WINDOWS\System32\d3d8caps.dat
[2010/06/01 19:24:12 | 000,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2010/05/31 13:49:28 | 000,000,664 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 22:52:43 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\lxcgvs.dll
[2010/05/29 22:52:42 | 001,134,592 | ---- | C] () -- F:\WINDOWS\System32\lxcgusb1.dll
[2010/05/29 22:52:42 | 000,708,608 | ---- | C] () -- F:\WINDOWS\System32\lxcgcomc.dll
[2010/05/29 22:52:42 | 000,491,520 | ---- | C] () -- F:\WINDOWS\System32\lxcgcoms.exe
[2010/05/29 22:52:42 | 000,483,328 | ---- | C] () -- F:\WINDOWS\System32\lxcglmpm.dll
[2010/05/29 22:52:42 | 000,413,696 | ---- | C] () -- F:\WINDOWS\System32\lxcgcomm.dll
[2010/05/29 22:52:42 | 000,372,736 | ---- | C] () -- F:\WINDOWS\System32\lxcgih.exe
[2010/05/29 22:52:42 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\lxcgprox.dll
[2010/05/29 22:52:42 | 000,114,688 | ---- | C] () -- F:\WINDOWS\System32\lxcgpplc.dll
[2010/05/29 22:52:41 | 001,191,936 | ---- | C] () -- F:\WINDOWS\System32\lxcgserv.dll
[2010/05/28 01:47:07 | 000,000,091 | ---- | C] () -- F:\WINDOWS\DVM.INI
[2010/05/27 23:46:32 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\ChCfg.exe
[2010/05/27 22:16:54 | 000,004,982 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\wklnhst.dat
[2010/05/27 21:45:33 | 000,232,448 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 03:44:01 | 000,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2010/05/27 03:36:41 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2010/05/27 03:33:20 | 000,021,640 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2010/05/26 18:41:45 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2010/05/26 18:40:52 | 000,157,160 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5C1D8A71
@Alternate Data Stream - 133 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:029E021F
@Alternate Data Stream - 106 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:67BC4708
@Alternate Data Stream - 102 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:029666E0

< End of report >


Thank you in advance for any help you can offer...ed


#2
CompCav

Hi, edhalfdead! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.





P2P Warning!:

IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.






Step 1.

Uninstall Ask.com and Searchqu Toolbar using Add/Remove programs


Step 2.

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.


  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    PRC - [2012/03/12 05:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- F:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
    PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- F:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2011/04/03 02:30:39 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- F:\Program Files\uTorrent\uTorrent.exe
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magen...&loc=search_box
    IE - HKCU\..\SearchScopes\{0FFD0622-4D96-4E1A-AF5A-8F060666C048}: "URL" = http://flvtubesearch...6ea0125f17907aa
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{C71BC1A6-2DA3-494F-B350-DCA7E3B1066C}: "URL" = http://www.facebook....q={searchTerms}
    IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magen...&loc=search_box
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...box_im2_test_v2
    IE - HKCU\..\SearchScopes\{DA86AD01-5D44-4210-AB05-4B50023433F4}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_flvtube_results&prt=flvtubetb01ff&clid=c3a2b09ca05f4b2996ea0125f17907aa&subid=3235&Keywords={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
    [2012/03/22 05:05:56 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2010/05/29 20:24:56 | 000,000,000 | ---D | M] (Answers) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
    [2012/02/05 10:01:31 | 000,000,000 | ---D | M] (Ask Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
    [2011/11/27 07:03:10 | 000,001,945 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\bing-zugo.xml
    [2010/12/04 11:37:46 | 000,004,925 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\deeperweb.xml
    [2010/06/02 20:35:18 | 000,002,139 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\MyStart Search.xml
    [2012/03/22 05:05:40 | 000,002,519 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\Search_Results.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - F:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - F:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - F:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [StartNowToolbarHelper] "F:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    O4 - HKCU..\Run: [uTorrent] F:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O20 - AppInit_DLLs: (F:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - F:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (F:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - F:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O33 - MountPoints2\{1141289c-bad5-11df-a03b-001d097dc74a}\Shell\AutoRun\command - "" = H:\setupSNK.exe
    [2012/04/03 15:39:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Ilivid Player
    [2012/04/01 12:45:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Application Data\searchquband
    [2012/04/23 04:01:00 | 000,000,246 | ---- | M] () -- F:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    
    
    
    :files
    ipconfig /flushdns /c
    F:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
    F:\Program Files\Ask.com\Updater\Updater.exe
    F:\Program Files\uTorrent\uTorrent.exe
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 4.

Delete your current copy of OTL

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt
  • Post the log


Step 5.

Please post:

OTL fix log
OTL.txt
aswMBR log



Please give me an update on how the computer is performing.
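As an added example (not part of the thread and not OTL's own code), the Python below parses the "O" section lines of an OTL log and flags three kinds of entry that stand out for a reviewer in the log above: orphaned registrations, binaries with no company name, and AppInit_DLLs entries. The function names and flag labels are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
"""Triage the 'O' section lines of an OTL log for manual review."""
import re

# Lines copied from the OTL log posted in this thread (not constructed).
SAMPLE_LOG = r"""
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - F:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Odsspo] F:\Program Files\Nwmao\Rlkkhgs.exe ()
O4 - HKLM..\Run: [StartNowToolbarHelper] "F:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O20 - AppInit_DLLs: (F:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - F:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

ENTRY_RE = re.compile(r"^O(\d+) - (.+)$")
# Text OTL prints when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")
# A publisher group only counts when it follows a binary path.
BINARY_PATH_RE = re.compile(r'\.(?:exe|dll|sys)"?\s*$', re.IGNORECASE)


def split_publisher(rest):
    """Return (body, publisher) for the text after 'O<n> - '.

    publisher is None when no '(...)' group follows a binary path, and ''
    when OTL printed '()' (file present, no company name in its version info).
    Nested parentheses inside the company name are handled.
    """
    text = rest.rstrip()
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):  # walk back to the matching '('
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                body = text[:i]
                if BINARY_PATH_RE.search(body):
                    return body.rstrip(), text[i + 1:-1]
                return text, None
    return text, None


def triage(log_text):
    """Return one finding per flagged 'O' line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, rest = int(match.group(1)), match.group(2)
        _, publisher = split_publisher(rest)
        flags = []
        if rest.rstrip().endswith(ORPHAN_MARKERS):
            flags.append("orphan")        # leftover registration, target missing
        if publisher == "":
            flags.append("no-publisher")  # binary carries no company name
        if section == 20 and rest.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            flags.append("appinit")
        if flags:
            findings.append({"section": section, "flags": flags,
                             "publisher": publisher, "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(",".join(finding["flags"]).ljust(14), finding["line"])
```

A flag marks a line for a closer look, not a verdict: legitimate software also ships binaries with no company name.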

#3
CompCav

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
CompCav

Reopened at user request.


Please post the logs requested in Post #2.

Regards,

CompCav

#5
edhalfdead

Thank you CompCav,
Here are the three reports you requested:

All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
No active process named Updater.exe was found!
No active process named uTorrent.exe was found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD10120B-C165-4f8d-8C74-639629E238FF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FFD0622-4D96-4E1A-AF5A-8F060666C048}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FFD0622-4D96-4E1A-AF5A-8F060666C048}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C71BC1A6-2DA3-494F-B350-DCA7E3B1066C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C71BC1A6-2DA3-494F-B350-DCA7E3B1066C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD10120B-C165-4f8d-8C74-639629E238FF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA86AD01-5D44-4210-AB05-4B50023433F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA86AD01-5D44-4210-AB05-4B50023433F4}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://flvtubesearch...={searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "http://dts.search-re...id=406&sr=0&q=" removed from keyword.URL
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}\META-INF folder moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}\chrome folder moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} folder moved successfully.
Folder F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]\ not found.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\bing-zugo.xml moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\deeperweb.xml moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\MyStart Search.xml moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
F:\Program Files\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
File F:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File F:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File F:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File F:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File F:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
File F:\Program Files\uTorrent\uTorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:F:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File F:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:F:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File F:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1141289c-bad5-11df-a03b-001d097dc74a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1141289c-bad5-11df-a03b-001d097dc74a}\ not found.
File H:\setupSNK.exe not found.
F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Ilivid Player folder moved successfully.
F:\Documents and Settings\Bubbles2000\Application Data\searchquband folder moved successfully.
File F:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\Documents and Settings\Bubbles2000\Desktop\cmd.bat deleted successfully.
F:\Documents and Settings\Bubbles2000\Desktop\cmd.txt deleted successfully.
File\Folder F:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
File\Folder F:\Program Files\Ask.com\Updater\Updater.exe not found.
File\Folder F:\Program Files\uTorrent\uTorrent.exe not found.
========== REGISTRY ==========
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 86747615 bytes
->Flash cache emptied: 57370 bytes

User: All Users

User: Bubbles2000
->Temp folder emptied: 1111648253 bytes
->Temporary Internet Files folder emptied: 209710501 bytes
->Java cache emptied: 13969122 bytes
->FireFox cache emptied: 251812628 bytes
->Google Chrome cache emptied: 65239289 bytes
->Flash cache emptied: 12993 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Guest
->Temp folder emptied: 17290 bytes
->Temporary Internet Files folder emptied: 33224 bytes
->Flash cache emptied: 56672 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 66819 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1100803 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23539964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 238530210 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 50275255 bytes

Total Files Cleaned = 1,958.00 mb


OTL by OldTimer - Version 3.2.41.0 log created on 05032012_073636

Files\Folders moved on Reboot...
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\ST1UIH4T\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\P7RTCMNS\core_core.config_core.io_core.json_core.legacy_core.log_core.prefs_core.util_globals_l10n-en-US_opensocial-data_rpc_shindig.auth_yahoo.internal.urlrewrite_yahoo.l10n[1] not found!
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\KGXXWPRS\ensocial-0.8_opensocial-0.9_opensocial-base_opensocial-data_opensocial-jsonrpc_opensocial-reference_rpc_security-token_shindig.auth_views_yahoo.internal.urlrewrite_yahoo.l10n[1] not found!
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\KGXXWPRS\re.io_core.json_core.legacy_core.log_core.prefs_core.util_globals_l10n-en-US_opensocial-data_rpc_shindig.auth_yahoo.internal.urlrewrite_yahoo.l10n.api_yap_yap.feature[1].classic not found!
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\BENPZ589\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
File\Folder F:\Documents and Settings\Bubbles2000\Local Settings\Temp\Temporary Internet Files\Content.IE5\1QIGA3ZS\HKGwG0yyoa5NQdnmivCFHNJm8bfDOw3txYzlN14AvGK86HwpZawCtrsPRVPIPoUtCREpe5qpMSH0aql3zfmFrjwXG2s3xCBdxZ5tssPi73ICfLyhkcktnkMDDTYuQBErdcoCbrKMQjjbr0PXCd6f3g--[1].jpg not found!
File move failed. F:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

##################################################################################################################

OTL logfile created on: 5/3/2012 8:33:34 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = F:\Documents and Settings\Bubbles2000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
3.84 Gb Paging File | 3.19 Gb Available in Paging File | 83.07% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6.36 Gb Total Space | 1.44 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1312.31 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 61.93 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive F: | 68.11 Gb Total Space | 8.08 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
Drive G: | 536.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.45 Gb Total Space | 6.49 Gb Free Space | 87.09% Space Free | Partition Type: FAT32

Computer Name: GARGOYLE2 | User Name: Bubbles2000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 19:19:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
PRC - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/03 21:42:56 | 016,575,824 | ---- | M] (Comfort Software Group) -- F:\Program Files\HotAlarmClock\HotAlarmClock.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/11/26 00:54:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/09/26 19:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/12 05:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/11/10 15:41:14 | 000,036,864 | ---- | M] (MAXA Research Int'l Inc.) -- F:\Program Files\MAXA Security Tools\Lock\tray.exe
PRC - [2009/09/24 18:41:40 | 000,933,888 | ---- | M] (Silicon Motion) -- F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
PRC - [2008/07/21 12:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/02 23:58:53 | 001,771,520 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\12050300\algo.dll
MOD - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/09 06:04:52 | 000,998,400 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/09 06:02:30 | 000,971,264 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/09 04:08:34 | 005,450,752 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/09 04:08:27 | 012,430,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/09 04:08:13 | 001,587,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/09 04:06:48 | 007,950,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/09 04:06:37 | 011,490,816 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
MOD - [2011/04/23 20:02:19 | 000,020,480 | ---- | M] () -- F:\Program Files\Nwmao\a.dll
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- F:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- F:\WINDOWS\system32\devenum.dll
MOD - [2007/05/07 08:06:02 | 000,128,000 | ---- | M] () -- F:\Program Files\ImageBadger\extib.dll
MOD - [2005/04/15 14:18:30 | 000,483,328 | ---- | M] () -- F:\WINDOWS\system32\lxcglmpm.dll
MOD - [2005/03/13 11:32:14 | 000,061,440 | ---- | M] () -- F:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ql12nses)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () [Auto | Running] -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) [Auto | Stopped] -- C:\ManageEngine\EventLog\bin\wrapper.exe -- (eventloganalyzer)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/04/15 14:15:30 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- F:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys -- (VDSDK)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- F:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/05 15:10:32 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/02 18:17:50 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2010/09/14 05:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 05:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- F:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://igoogle.com/
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{909D53DD-ED5F-405B-879E-5F5CD26B7C05}: "URL" = http://www.google.co...Terms}&aq=f&oq=
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngineURL: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.12
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - prefs.js..extensions.enabledItems: [email protected]:10.2.0.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.14
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:00&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_121.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: F:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: F:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 00:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/07 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/21 21:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: F:\Program Files\components [2012/05/02 17:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: F:\Program Files\plugins [2012/05/02 17:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/01 21:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/01 21:15:47 | 000,000,000 | ---D | M]

[2012/05/02 18:46:57 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Extensions
[2012/05/03 07:36:44 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions
[2012/05/02 18:48:13 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/05/01 21:04:29 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2)
[2011/07/18 00:26:50 | 000,000,000 | ---D | M] (Flashblock) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/01/25 16:58:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 04:00:12 | 000,000,000 | ---D | M] (NoScript) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012/05/02 18:08:00 | 000,000,000 | ---D | M] (ImTranslator) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2012/05/02 18:07:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/11/11 02:15:52 | 000,000,000 | ---D | M] (gTranslate) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012/04/24 13:24:25 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/02 18:07:59 | 000,000,000 | ---D | M] (DownThemAll!) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/07/07 20:45:06 | 000,000,000 | ---D | M] (Web2PDF converter) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2012/05/02 18:48:16 | 000,000,000 | ---D | M] (FoxLingo) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/04/24 13:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected](2).com
[2012/05/02 18:48:08 | 000,000,000 | ---D | M] (DeeperWeb for Google) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:48:17 | 000,000,000 | ---D | M] (Show Me More) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/04/24 13:42:58 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2010/10/17 01:46:49 | 000,002,027 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\google-translate-any--en.xml
[2012/03/21 21:15:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2011/11/26 00:55:55 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/10/26 22:49:42 | 000,000,000 | ---D | M] (EpicPlay Games) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{C0D0F6D1-9FC9-4B0A-B485-D5E13AF40D51}
[2012/03/07 11:31:20 | 000,000,000 | ---D | M] (avast! WebRep) -- F:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\PROGRAM FILES\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- F:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2012/05/03 07:36:54 | 000,000,098 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - F:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MAXA-LockTray] F:\Program Files\MAXA Security Tools\Lock\tray.exe (MAXA Research Int'l Inc.)
O4 - HKLM..\Run: [Multi Webcam Video Recorder] F:\Program Files\Multi Webcam Video Recorder\webcam.exe ()
O4 - HKLM..\Run: [Odsspo] F:\Program Files\Nwmao\Rlkkhgs.exe ()
O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VRS] "F:\Program Files\NCH Software\VRS\vrs.exe" -logon File not found
O4 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004..\Run: [HotAlarmClock] F:\Program Files\HotAlarmClock\HotAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\STIMON.lnk = F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\CNET TechTracker.lnk = F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\Dropbox.lnk = F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: F:\Documents and Settings\Bubbles2000\Desktop\Colorado\Colorado = Colorado
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91EA0E0-F8AD-4018-AE7C-BD0430F21082}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 02:20:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/27 00:03:47 | 000,027,568 | ---- | M] () - E:\autopay_DPA.pdf -- [ NTFS ]
O32 - AutoRun File - [2004/08/16 17:49:53 | 000,000,110 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2004/08/03 16:04:54 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 08:30:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/05/03 07:52:22 | 004,731,392 | ---- | C] (AVAST Software) -- F:\Documents and Settings\Bubbles2000\Desktop\aswMBR.exe
[2012/05/03 07:36:36 | 000,000,000 | ---D | C] -- F:\_OTL
[2012/05/03 04:17:08 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Inpaint
[2012/05/03 04:17:07 | 000,000,000 | ---D | C] -- F:\Program Files\Inpaint
[2012/05/02 17:56:30 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/05/02 17:56:28 | 000,000,000 | ---D | C] -- F:\Program Files\searchplugins
[2012/05/02 17:56:28 | 000,000,000 | ---D | C] -- F:\Program Files\dictionaries
[2012/05/02 17:56:22 | 011,708,888 | ---- | C] (Mozilla Foundation) -- F:\Program Files\xul.dll
[2012/05/02 17:56:22 | 000,644,568 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nss3.dll
[2012/05/02 17:56:22 | 000,467,928 | ---- | C] (sqlite.org) -- F:\Program Files\sqlite3.dll
[2012/05/02 17:56:22 | 000,333,272 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssckbi.dll
[2012/05/02 17:56:22 | 000,243,160 | ---- | C] (Mozilla Foundation) -- F:\Program Files\updater.exe
[2012/05/02 17:56:22 | 000,155,648 | ---- | C] (Mozilla Foundation) -- F:\Program Files\softokn3.dll
[2012/05/02 17:56:22 | 000,140,760 | ---- | C] (Mozilla Foundation) -- F:\Program Files\ssl3.dll
[2012/05/02 17:56:22 | 000,103,896 | ---- | C] (Mozilla Foundation) -- F:\Progra

#6
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please post the whole OTL.txt file.

Please also post the aswMBR log.

#7
edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Here is the OTL file:

OTL logfile created on: 5/3/2012 8:33:34 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = F:\Documents and Settings\Bubbles2000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.12% Memory free
3.84 Gb Paging File | 3.19 Gb Available in Paging File | 83.07% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6.36 Gb Total Space | 1.44 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1312.31 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 61.93 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive F: | 68.11 Gb Total Space | 8.08 Gb Free Space | 11.86% Space Free | Partition Type: NTFS
Drive G: | 536.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.45 Gb Total Space | 6.49 Gb Free Space | 87.09% Space Free | Partition Type: FAT32

Computer Name: GARGOYLE2 | User Name: Bubbles2000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 19:19:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
PRC - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/03 21:42:56 | 016,575,824 | ---- | M] (Comfort Software Group) -- F:\Program Files\HotAlarmClock\HotAlarmClock.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/11/26 00:54:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/09/26 19:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/12 05:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/11/10 15:41:14 | 000,036,864 | ---- | M] (MAXA Research Int'l Inc.) -- F:\Program Files\MAXA Security Tools\Lock\tray.exe
PRC - [2009/09/24 18:41:40 | 000,933,888 | ---- | M] (Silicon Motion) -- F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
PRC - [2008/07/21 12:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/02 23:58:53 | 001,771,520 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\12050300\algo.dll
MOD - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/21 21:14:53 | 000,982,880 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/09 06:04:52 | 000,998,400 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/09 06:02:30 | 000,971,264 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/09 04:08:34 | 005,450,752 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/09 04:08:27 | 012,430,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/09 04:08:13 | 001,587,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/09 04:06:48 | 007,950,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/09 04:06:37 | 011,490,816 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2011/04/23 20:02:19 | 000,536,576 | ---- | M] () -- F:\Program Files\Nwmao\Rlkkhgs.exe
MOD - [2011/04/23 20:02:19 | 000,020,480 | ---- | M] () -- F:\Program Files\Nwmao\a.dll
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- F:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- F:\WINDOWS\system32\devenum.dll
MOD - [2007/05/07 08:06:02 | 000,128,000 | ---- | M] () -- F:\Program Files\ImageBadger\extib.dll
MOD - [2005/04/15 14:18:30 | 000,483,328 | ---- | M] () -- F:\WINDOWS\system32\lxcglmpm.dll
MOD - [2005/03/13 11:32:14 | 000,061,440 | ---- | M] () -- F:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ql12nses)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/21 21:14:58 | 000,918,880 | ---- | M] () [Auto | Running] -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) [Auto | Stopped] -- C:\ManageEngine\EventLog\bin\wrapper.exe -- (eventloganalyzer)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/04/15 14:15:30 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- F:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys -- (VDSDK)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- F:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/05 15:10:32 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/02 18:17:50 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2010/09/14 05:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 05:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- F:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=hp
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://igoogle.com/
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{909D53DD-ED5F-405B-879E-5F5CD26B7C05}: "URL" = http://www.google.co...Terms}&aq=f&oq=
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngineURL: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5
FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.12
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - prefs.js..extensions.enabledItems: [email protected]:10.2.0.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.14
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:00&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_121.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: F:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: F:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 00:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/07 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/21 21:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: F:\Program Files\components [2012/05/02 17:56:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: F:\Program Files\plugins [2012/05/02 17:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/01 21:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/01 21:15:47 | 000,000,000 | ---D | M]

[2012/05/02 18:46:57 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Extensions
[2012/05/03 07:36:44 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions
[2012/05/02 18:48:13 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/05/01 21:04:29 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2)
[2011/07/18 00:26:50 | 000,000,000 | ---D | M] (Flashblock) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/01/25 16:58:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 04:00:12 | 000,000,000 | ---D | M] (NoScript) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012/05/02 18:08:00 | 000,000,000 | ---D | M] (ImTranslator) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2012/05/02 18:07:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/11/11 02:15:52 | 000,000,000 | ---D | M] (gTranslate) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012/04/24 13:24:25 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/02 18:07:59 | 000,000,000 | ---D | M] (DownThemAll!) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/07/07 20:45:06 | 000,000,000 | ---D | M] (Web2PDF converter) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2012/05/02 18:48:16 | 000,000,000 | ---D | M] (FoxLingo) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/04/24 13:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected](2).com
[2012/05/02 18:48:08 | 000,000,000 | ---D | M] (DeeperWeb for Google) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:48:17 | 000,000,000 | ---D | M] (Show Me More) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/04/24 13:42:58 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2010/10/17 01:46:49 | 000,002,027 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\google-translate-any--en.xml
[2012/03/21 21:15:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2011/11/26 00:55:55 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/10/26 22:49:42 | 000,000,000 | ---D | M] (EpicPlay Games) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{C0D0F6D1-9FC9-4B0A-B485-D5E13AF40D51}
[2012/03/07 11:31:20 | 000,000,000 | ---D | M] (avast! WebRep) -- F:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/05/02 18:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\PROGRAM FILES\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- F:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2012/05/03 07:36:54 | 000,000,098 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - F:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MAXA-LockTray] F:\Program Files\MAXA Security Tools\Lock\tray.exe (MAXA Research Int'l Inc.)
O4 - HKLM..\Run: [Multi Webcam Video Recorder] F:\Program Files\Multi Webcam Video Recorder\webcam.exe ()
O4 - HKLM..\Run: [Odsspo] F:\Program Files\Nwmao\Rlkkhgs.exe ()
O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VRS] "F:\Program Files\NCH Software\VRS\vrs.exe" -logon File not found
O4 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004..\Run: [HotAlarmClock] F:\Program Files\HotAlarmClock\HotAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\STIMON.lnk = F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\CNET TechTracker.lnk = F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\Dropbox.lnk = F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1177238915-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: F:\Documents and Settings\Bubbles2000\Desktop\Colorado\Colorado = Colorado
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91EA0E0-F8AD-4018-AE7C-BD0430F21082}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 02:20:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/27 00:03:47 | 000,027,568 | ---- | M] () - E:\autopay_DPA.pdf -- [ NTFS ]
O32 - AutoRun File - [2004/08/16 17:49:53 | 000,000,110 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c251860b-692f-11df-a785-806d6172696f}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2004/08/03 16:04:54 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 08:30:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/05/03 07:52:22 | 004,731,392 | ---- | C] (AVAST Software) -- F:\Documents and Settings\Bubbles2000\Desktop\aswMBR.exe
[2012/05/03 07:36:36 | 000,000,000 | ---D | C] -- F:\_OTL
[2012/05/03 04:17:08 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Inpaint
[2012/05/03 04:17:07 | 000,000,000 | ---D | C] -- F:\Program Files\Inpaint
[2012/05/02 17:56:30 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/05/02 17:56:28 | 000,000,000 | ---D | C] -- F:\Program Files\searchplugins
[2012/05/02 17:56:28 | 000,000,000 | ---D | C] -- F:\Program Files\dictionaries
[2012/05/02 17:56:22 | 011,708,888 | ---- | C] (Mozilla Foundation) -- F:\Program Files\xul.dll
[2012/05/02 17:56:22 | 000,644,568 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nss3.dll
[2012/05/02 17:56:22 | 000,467,928 | ---- | C] (sqlite.org) -- F:\Program Files\sqlite3.dll
[2012/05/02 17:56:22 | 000,333,272 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssckbi.dll
[2012/05/02 17:56:22 | 000,243,160 | ---- | C] (Mozilla Foundation) -- F:\Program Files\updater.exe
[2012/05/02 17:56:22 | 000,155,648 | ---- | C] (Mozilla Foundation) -- F:\Program Files\softokn3.dll
[2012/05/02 17:56:22 | 000,140,760 | ---- | C] (Mozilla Foundation) -- F:\Program Files\ssl3.dll
[2012/05/02 17:56:22 | 000,103,896 | ---- | C] (Mozilla Foundation) -- F:\Program Files\smime3.dll
[2012/05/02 17:56:22 | 000,098,304 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssdbm3.dll
[2012/05/02 17:56:22 | 000,087,512 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssutil3.dll
[2012/05/02 17:56:22 | 000,020,440 | ---- | C] (Mozilla Foundation) -- F:\Program Files\plc4.dll
[2012/05/02 17:56:22 | 000,017,880 | ---- | C] (Mozilla Foundation) -- F:\Program Files\xpcom.dll
[2012/05/02 17:56:22 | 000,017,368 | ---- | C] (Mozilla Foundation) -- F:\Program Files\plds4.dll
[2012/05/02 17:56:22 | 000,014,808 | ---- | C] (Mozilla Corporation) -- F:\Program Files\plugin-container.exe
[2012/05/02 17:56:22 | 000,000,000 | ---D | C] -- F:\Program Files\res
[2012/05/02 17:56:22 | 000,000,000 | ---D | C] -- F:\Program Files\plugins
[2012/05/02 17:56:21 | 000,910,296 | ---- | C] (Mozilla Corporation) -- F:\Program Files\firefox.exe
[2012/05/02 17:56:21 | 000,718,296 | ---- | C] (Mozilla Foundation) -- F:\Program Files\mozcrt19.dll
[2012/05/02 17:56:21 | 000,718,296 | ---- | C] (Mozilla Foundation) -- F:\Program Files\mozcpp19.dll
[2012/05/02 17:56:21 | 000,249,856 | ---- | C] (Mozilla Foundation) -- F:\Program Files\freebl3.dll
[2012/05/02 17:56:21 | 000,202,200 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nspr4.dll
[2012/05/02 17:56:21 | 000,105,432 | ---- | C] (Mozilla Foundation) -- F:\Program Files\crashreporter.exe
[2012/05/02 17:56:21 | 000,017,880 | ---- | C] (Mozilla Foundation) -- F:\Program Files\AccessibleMarshal.dll
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\uninstall
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\modules
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\greprefs
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\extensions
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\defaults
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\components
[2012/05/02 17:56:21 | 000,000,000 | ---D | C] -- F:\Program Files\chrome
[2012/04/29 22:49:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\AVG Secure Search
[2012/04/29 21:23:57 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Test 4 Ed
[2012/04/29 14:10:56 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\cache
[2012/04/28 00:40:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\AKL_HACKAHOLIC.IN
[2012/04/27 22:29:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\me blue eyes
[2012/04/26 11:01:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\My Documents\voc 6ofthem
[2012/04/26 10:32:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\My Documents\Screen Recording Suite
[2012/04/26 10:23:49 | 000,000,000 | ---D | C] -- F:\Program Files\Apowersoft
[2012/04/26 07:10:05 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\notebook5
[2012/04/26 01:35:35 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\voc
[2012/04/26 01:34:47 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\VOC 8-18-11
[2012/04/21 11:43:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\me
[2012/04/21 11:42:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\dogstw
[2012/04/19 05:18:14 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Suite.aspx_files
[2012/04/13 00:56:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\citi bank 2
[2012/04/13 00:55:08 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\citi bank 1

========== Files - Modified Within 30 Days ==========

[2012/05/03 08:32:00 | 000,000,896 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 08:32:00 | 000,000,892 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/03 08:18:00 | 000,001,002 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004UA.job
[2012/05/03 08:05:00 | 000,000,830 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/03 07:42:31 | 000,000,294 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/05/03 07:42:31 | 000,000,290 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/05/03 07:42:12 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/05/03 07:36:54 | 000,000,098 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/03 06:42:23 | 000,073,430 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bijou_s12.jpg
[2012/05/03 06:36:29 | 000,071,689 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s04.jpg
[2012/05/03 06:36:08 | 000,097,944 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s01.jpg
[2012/05/03 06:35:56 | 000,154,810 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s05.jpg
[2012/05/03 06:24:41 | 000,099,207 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\ennie_s02.jpg
[2012/05/03 06:21:13 | 000,104,735 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\carie_v02.jpg
[2012/05/03 06:20:43 | 000,062,749 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\paolina_s07.jpg
[2012/05/03 06:18:54 | 000,105,330 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\carola_s02.jpg
[2012/05/03 06:16:43 | 000,139,065 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\balina_s03.jpg
[2012/05/03 06:12:34 | 000,147,013 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\kina_s01.jpg
[2012/05/03 06:05:10 | 000,124,997 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\leonie_s02.jpg
[2012/05/03 06:02:14 | 000,074,368 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bijou_s11.jpg
[2012/05/03 05:56:04 | 000,139,032 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\verunka_s03.jpg
[2012/05/03 05:06:10 | 000,203,014 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\ouch.jpg
[2012/05/03 04:17:09 | 000,000,693 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Inpaint.lnk
[2012/05/03 04:17:09 | 000,000,675 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Inpaint.lnk
[2012/05/02 19:19:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/05/02 19:18:00 | 000,000,950 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004Core1cc209613fe80f2.job
[2012/05/02 19:01:22 | 004,731,392 | ---- | M] (AVAST Software) -- F:\Documents and Settings\Bubbles2000\Desktop\aswMBR.exe
[2012/05/02 17:56:30 | 000,001,439 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/02 17:56:30 | 000,001,421 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/02 08:20:09 | 000,002,339 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Google Chrome.lnk
[2012/05/02 08:20:09 | 000,002,317 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/01 23:00:32 | 000,200,946 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bank statments BOA 2.jpg
[2012/05/01 22:57:07 | 000,201,978 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bank statments BOA.jpg
[2012/05/01 21:22:21 | 000,001,698 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/01 21:22:12 | 000,002,625 | ---- | M] () -- F:\WINDOWS\System32\CONFIG.NT
[2012/05/01 21:19:54 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/05/01 20:03:44 | 000,657,066 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bound2.jpg
[2012/05/01 19:34:04 | 000,000,298 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/05/01 18:36:37 | 000,194,719 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\bound.jpg
[2012/04/29 04:13:00 | 000,000,302 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/04/27 20:22:03 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/27 00:27:49 | 001,390,195 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\FireShot Screen Capture #290 - 'Basic Guide To Remote Keyloggers I Hackaholic' - www_hackaholic_in_2012_01_basic-guideto-keylogging-today-we-will_html.pdf
[2012/04/26 07:32:13 | 000,007,595 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\notebook5.rtf
[2012/04/26 06:33:57 | 000,044,599 | ---- | M] () -- F:\Program Files\sniffpass.zip
[2012/04/24 20:40:25 | 000,000,188 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\sync keypass.rtf
[2012/04/12 10:28:00 | 000,000,280 | ---- | M] () -- F:\WINDOWS\tasks\debutShakeIcon.job
[2012/04/04 15:31:12 | 000,122,015 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\shipping ok.jpg
[2012/04/03 15:22:09 | 000,227,840 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/05/03 06:42:23 | 000,073,430 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bijou_s12.jpg
[2012/05/03 06:36:28 | 000,071,689 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s04.jpg
[2012/05/03 06:36:08 | 000,097,944 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s01.jpg
[2012/05/03 06:35:56 | 000,154,810 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\natali_s05.jpg
[2012/05/03 06:24:40 | 000,099,207 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\ennie_s02.jpg
[2012/05/03 06:21:12 | 000,104,735 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\carie_v02.jpg
[2012/05/03 06:20:43 | 000,062,749 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\paolina_s07.jpg
[2012/05/03 06:18:54 | 000,105,330 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\carola_s02.jpg
[2012/05/03 06:16:43 | 000,139,065 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\balina_s03.jpg
[2012/05/03 06:12:34 | 000,147,013 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\kina_s01.jpg
[2012/05/03 06:05:10 | 000,124,997 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\leonie_s02.jpg
[2012/05/03 06:02:14 | 000,074,368 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bijou_s11.jpg
[2012/05/03 05:56:04 | 000,139,032 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\verunka_s03.jpg
[2012/05/03 05:06:09 | 000,203,014 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\ouch.jpg
[2012/05/03 04:17:09 | 000,000,693 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Inpaint.lnk
[2012/05/03 04:17:09 | 000,000,675 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Inpaint.lnk
[2012/05/02 17:56:30 | 000,001,439 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/02 17:56:30 | 000,001,421 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/02 17:56:28 | 000,000,707 | ---- | C] () -- F:\Program Files\updater.ini
[2012/05/02 17:56:28 | 000,000,232 | ---- | C] () -- F:\Program Files\browserconfig.properties
[2012/05/02 17:56:28 | 000,000,006 | ---- | C] () -- F:\Program Files\update.locale
[2012/05/02 17:56:22 | 000,000,478 | ---- | C] () -- F:\Program Files\softokn3.chk
[2012/05/02 17:56:22 | 000,000,478 | ---- | C] () -- F:\Program Files\nssdbm3.chk
[2012/05/02 17:56:22 | 000,000,141 | ---- | C] () -- F:\Program Files\platform.ini
[2012/05/02 17:56:21 | 001,016,792 | ---- | C] () -- F:\Program Files\js3250.dll
[2012/05/02 17:56:21 | 000,031,393 | ---- | C] () -- F:\Program Files\LICENSE
[2012/05/02 17:56:21 | 000,003,803 | ---- | C] () -- F:\Program Files\crashreporter.ini
[2012/05/02 17:56:21 | 000,002,530 | ---- | C] () -- F:\Program Files\blocklist.xml
[2012/05/02 17:56:21 | 000,002,126 | ---- | C] () -- F:\Program Files\application.ini
[2012/05/02 17:56:21 | 000,000,583 | ---- | C] () -- F:\Program Files\crashreporter-override.ini
[2012/05/02 17:56:21 | 000,000,477 | ---- | C] () -- F:\Program Files\freebl3.chk
[2012/05/02 17:56:21 | 000,000,115 | ---- | C] () -- F:\Program Files\dependentlibs.list
[2012/05/01 23:00:23 | 000,200,946 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bank statments BOA 2.jpg
[2012/05/01 22:56:59 | 000,201,978 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bank statments BOA.jpg
[2012/05/01 20:03:43 | 000,657,066 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bound2.jpg
[2012/05/01 18:36:37 | 000,194,719 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\bound.jpg
[2012/04/27 00:27:49 | 001,390,195 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\FireShot Screen Capture #290 - 'Basic Guide To Remote Keyloggers I Hackaholic' - www_hackaholic_in_2012_01_basic-guideto-keylogging-today-we-will_html.pdf
[2012/04/26 07:32:13 | 000,007,595 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\notebook5.rtf
[2012/04/26 06:33:56 | 000,044,599 | ---- | C] () -- F:\Program Files\sniffpass.zip
[2012/04/24 20:40:25 | 000,000,188 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\sync keypass.rtf
[2012/04/20 00:26:25 | 000,014,600 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\SniffPass.chm
[2012/04/04 15:31:00 | 000,122,015 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\shipping ok.jpg
[2012/03/19 11:29:26 | 000,038,187 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\KeyBlaze.dmp
[2012/03/02 22:59:54 | 000,108,032 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2012/02/20 21:46:15 | 000,000,043 | ---- | C] () -- F:\WINDOWS\gswin32.ini
[2011/11/26 23:18:56 | 002,062,304 | ---- | C] () -- F:\Program Files\installspeedfan443.exe
[2011/10/31 18:16:38 | 015,854,592 | ---- | C] () -- F:\Program Files\Setup.msi
[2011/10/28 17:22:15 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\treeskp.sys
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\sbacknt.bin
[2010/11/29 16:53:55 | 000,000,037 | ---- | C] () -- F:\WINDOWS\Viewer.ini
[2010/09/02 00:33:54 | 000,015,360 | ---- | C] () -- F:\WINDOWS\System32\bdmjpeg.dll
[2010/09/02 00:32:52 | 000,058,368 | ---- | C] () -- F:\WINDOWS\System32\bdmpegv.dll
[2010/08/25 06:28:07 | 000,000,031 | ---- | C] () -- F:\WINDOWS\System32\wocsodsini.dll
[2010/08/25 06:27:47 | 000,000,530 | ---- | C] () -- F:\WINDOWS\System32\tx14_ic.ini
[2010/08/25 06:09:41 | 001,774,720 | ---- | C] () -- F:\WINDOWS\System32\BootMan.exe
[2010/08/25 06:09:41 | 000,086,408 | ---- | C] () -- F:\WINDOWS\System32\setupempdrv03.exe
[2010/08/25 06:09:41 | 000,014,848 | ---- | C] () -- F:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/25 06:09:41 | 000,013,192 | ---- | C] () -- F:\WINDOWS\System32\epmntdrv.sys
[2010/08/25 06:09:41 | 000,008,456 | ---- | C] () -- F:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/23 22:17:42 | 000,000,132 | -H-- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\lakerda1967.sys
[2010/07/23 22:13:46 | 000,010,584 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\docXConverter (3).ini
[2010/06/28 06:32:59 | 000,000,025 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2010/06/18 01:14:54 | 000,024,575 | ---- | C] () -- F:\WINDOWS\System32\Mpwinapppiobas69.dat
[2010/06/17 14:07:29 | 000,112,156 | ---- | C] () -- F:\WINDOWS\System32\winobj92.dat
[2010/06/15 07:29:22 | 000,000,552 | ---- | C] () -- F:\WINDOWS\System32\d3d8caps.dat
[2010/06/01 19:24:12 | 000,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2010/05/31 13:49:28 | 000,000,664 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 22:52:43 | 000,040,960 | ---- | C] () -- F:\WINDOWS\System32\lxcgvs.dll
[2010/05/29 22:52:42 | 001,134,592 | ---- | C] () -- F:\WINDOWS\System32\lxcgusb1.dll
[2010/05/29 22:52:42 | 000,708,608 | ---- | C] () -- F:\WINDOWS\System32\lxcgcomc.dll
[2010/05/29 22:52:42 | 000,491,520 | ---- | C] () -- F:\WINDOWS\System32\lxcgcoms.exe
[2010/05/29 22:52:42 | 000,483,328 | ---- | C] () -- F:\WINDOWS\System32\lxcglmpm.dll
[2010/05/29 22:52:42 | 000,413,696 | ---- | C] () -- F:\WINDOWS\System32\lxcgcomm.dll
[2010/05/29 22:52:42 | 000,372,736 | ---- | C] () -- F:\WINDOWS\System32\lxcgih.exe
[2010/05/29 22:52:42 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\lxcgprox.dll
[2010/05/29 22:52:42 | 000,114,688 | ---- | C] () -- F:\WINDOWS\System32\lxcgpplc.dll
[2010/05/29 22:52:41 | 001,191,936 | ---- | C] () -- F:\WINDOWS\System32\lxcgserv.dll
[2010/05/28 01:47:07 | 000,000,091 | ---- | C] () -- F:\WINDOWS\DVM.INI
[2010/05/27 23:46:32 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\ChCfg.exe
[2010/05/27 22:16:54 | 000,004,982 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\wklnhst.dat
[2010/05/27 21:45:33 | 000,227,840 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 03:44:01 | 000,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2010/05/27 03:36:41 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2010/05/27 03:33:20 | 000,021,640 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2010/05/26 18:41:45 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2010/05/26 18:40:52 | 000,157,160 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/02/07 15:55:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/05/03 07:44:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/04/24 06:04:30 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Aoiiytw
[2012/04/29 14:11:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/28 08:40:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/24 03:21:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/03/21 21:14:26 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/04 11:25:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Deskshare
[2011/06/05 02:07:52 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\eJ01803LaHpI01803
[2012/03/12 05:40:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\FaceOffMax
[2010/09/15 08:44:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\FileCure
[2010/06/02 07:03:52 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\IM
[2010/10/14 15:40:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Laconic Software
[2012/02/07 12:44:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/09/05 21:30:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Masters ITC
[2012/01/15 18:06:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Mirolit
[2012/01/26 12:06:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC1Data
[2011/08/30 00:01:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\RPSP
[2010/09/03 12:31:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ScreenVCR
[2010/07/23 20:43:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/06/08 23:21:32 | 000,000,000 | -HSD | M] -- F:\Documents and Settings\All Users\Application Data\System Restore
[2012/03/21 21:18:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 23:55:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/10/05 16:14:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WeCareReminder
[2010/08/20 20:33:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/06 13:59:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ZentimoService
[2011/12/29 12:47:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\.purple
[2010/06/02 20:42:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Arkadium
[2012/03/21 21:15:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\AVG Secure Search
[2012/02/07 12:44:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Avnex
[2011/11/28 08:40:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Babylon
[2011/10/03 15:32:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\BabylonToolbar
[2011/05/10 13:53:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\BANDISOFT
[2011/08/29 03:15:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Business Logic
[2010/06/01 04:51:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive
[2012/05/03 07:47:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Dropbox
[2012/02/07 12:48:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\DzSoft
[2012/03/12 05:40:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\FaceOffMax
[2012/03/27 07:20:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\FireShot
[2011/10/10 16:23:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Garbage Finder
[2010/07/23 20:57:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Genie-Soft
[2010/09/14 13:42:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\iLike
[2010/08/11 09:11:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\ImageBadger
[2011/02/14 22:16:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\IrfanView
[2011/09/05 04:23:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Listary
[2012/03/02 23:35:11 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\mresreg
[2011/10/05 16:14:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\OpenCandy
[2012/04/21 11:56:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\PC Cleaners
[2012/04/19 17:53:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\PCPro
[2011/10/10 01:03:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\PriceGong
[2011/06/05 02:08:16 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Sammsoft
[2012/04/30 23:54:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\SoftGrid Client
[2010/12/09 14:44:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Software Informer
[2011/12/03 01:17:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Start Menu 7
[2010/05/27 22:18:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Template
[2010/08/04 17:00:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\TP
[2011/11/20 04:18:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Trillian
[2011/10/10 13:58:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\TweakNow PowerPack 2011
[2011/10/15 02:45:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\TweakNow WinSecret 2011
[2012/02/14 04:49:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\USBSafelyRemove
[2012/02/02 04:56:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\USBSRService
[2012/05/01 22:34:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\uTorrent
[2011/09/18 00:21:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\visualsearchpony.com
[2012/04/02 14:11:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\XnView
[2011/09/07 17:20:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Bubbles2000\Application Data\Zentimo
[2010/07/23 20:56:07 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\Genie-Soft
[2012/02/02 04:56:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Application Data\USBSRService
[2012/04/12 10:28:00 | 000,000,280 | ---- | M] () -- F:\WINDOWS\Tasks\debutShakeIcon.job
[2012/02/22 11:39:00 | 000,000,296 | ---- | M] () -- F:\WINDOWS\Tasks\doxillionShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >
[2012/04/24 15:03:38 | 015,869,112 | ---- | M] (Mozilla) -- F:\9.0_FirefoxSetup.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- F:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- F:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- F:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- F:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- F:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- F:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- F:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- F:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- F:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- F:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- F:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- F:\WINDOWS\system32\winlogon.exe

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3C973687-775D-4B07-ADEF-0963E094472D}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9C419D6A-2686-4AE9-8B71-B32AFDA6597E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B81E9D98-83C2-4A74-B04B-BEABF54C01A6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E91EA0E0-F8AD-4018-AE7C-BD0430F21082}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 11:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 05 01 03 01 00 01 06 01 04 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 03:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "F:\Program Files\uninstall\helper.exe" /HideShortcuts [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "F:\Program Files\uninstall\helper.exe" /ShowShortcuts [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "F:\Program Files\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: F:\Program Files\firefox.exe [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "F:\Program Files\firefox.exe" -preferences [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "F:\Program Files\firefox.exe" -safe-mode [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "F:\Program Files\uninstall\helper.exe" /HideShortcuts [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "F:\Program Files\uninstall\helper.exe" /ShowShortcuts [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "F:\Program Files\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/24 19:31:07 | 000,552,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: F:\Program Files\firefox.exe [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "F:\Program Files\firefox.exe" -preferences [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "F:\Program Files\firefox.exe" -safe-mode [2010/08/24 19:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/27 19:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 04:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: GARGOYLE2
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     G   WX2HOEM_EN   CDFS   DVD-ROM      537 MB
  Volume 1     C                NTFS   Partition   6511 MB  Healthy    System
  Volume 2     F   New Drive    NTFS   Partition     68 GB  Healthy    Boot
  Volume 3     D   New Volume   NTFS   Partition   1397 GB  Healthy
  Volume 4     E   SEA_DISC     NTFS   Partition    149 GB  Healthy
  Volume 5     H                FAT32  Removeable  7646 MB

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5C1D8A71
@Alternate Data Stream - 133 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:029E021F
@Alternate Data Stream - 106 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:67BC4708
@Alternate Data Stream - 102 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:029666E0

< End of report >
I will post the aswMBR log when roommate gets back. She gave me the wrong one. Sorry about that, patience please.

#8
edhalfdead

    Member

  • Topic Starter
  • Member
  • 89 posts
CompCav, I'm not sure that this is what you want. It seems incomplete to me.

###############################################################################################################################################
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 08:28:34
-----------------------------
08:28:34.906 OS Version: Windows 5.1.2600 Service Pack 3
08:28:34.906 Number of processors: 2 586 0xF0D
08:28:34.906 ComputerName: GARGOYLE2 UserName:
08:28:35.484 Initialize success
08:28:35.609 AVAST engine defs: 12050300
08:29:16.890 The log file has been saved successfully to "H:\otl files\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 07:45:12
-----------------------------
07:45:12.140 OS Version: Windows 5.1.2600 Service Pack 3
07:45:12.140 Number of processors: 2 586 0xF0D
07:45:12.140 ComputerName: GARGOYLE2 UserName:
07:45:13.265 Initialize success
07:45:13.546 AVAST engine defs: 12050600
07:47:35.546 The log file has been saved successfully to "H:\otl files\aswMBR.txt"
################################################################################################################################################

If you are wondering about the "H" drive, I'm having her put everything on a USB drive because Firefox isn't working now and IE is sporadic at best.
I will have her run aswMBR again if you want.

#9
CompCav

I will have her run aswMBR again if you want.

Yes, please have her run aswMBR again; it is not complete.

Regards,

CompCav

#10
edhalfdead
Thank you for your patience, CompCav.
Here is the aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 08:08:14
-----------------------------
08:08:14.734 OS Version: Windows 5.1.2600 Service Pack 3
08:08:14.734 Number of processors: 2 586 0xF0D
08:08:14.734 ComputerName: GARGOYLE2 UserName:
08:08:15.218 Initialize success
08:08:15.671 AVAST engine defs: 12050700
08:08:45.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:08:45.281 Disk 0 Vendor: ST380815AS 3.ADA Size: 76293MB BusType: 3
08:08:45.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
08:08:45.281 Disk 1 Vendor: WDC_WD15EADS-00P8B0 01.00A01 Size: 1430799MB BusType: 3
08:08:45.312 Disk 0 MBR read successfully
08:08:45.312 Disk 0 MBR scan
08:08:45.312 Disk 0 Windows XP default MBR code
08:08:45.328 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:08:45.343 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 6510 MB offset 80325
08:08:45.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 69743 MB offset 13414275
08:08:45.375 Disk 0 scanning sectors +156248190
08:08:45.484 Disk 0 scanning F:\WINDOWS\system32\drivers
08:09:04.828 Service scanning
08:09:22.812 Modules scanning
08:09:49.546 Disk 0 trace - called modules:
08:09:49.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:09:49.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a972ab8]
08:09:49.578 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a9b9630]
08:09:49.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a976940]
08:09:50.093 AVAST engine scan F:\WINDOWS
08:10:07.875 AVAST engine scan F:\WINDOWS\system32
08:15:42.812 AVAST engine scan F:\WINDOWS\system32\drivers
08:16:34.812 AVAST engine scan F:\Documents and Settings\Bubbles2000
09:09:32.437 AVAST engine scan F:\Documents and Settings\All Users
10:22:30.796 Scan finished successfully
11:16:51.156 Disk 0 MBR has been saved successfully to "H:\otl files\MBR.dat"
11:16:51.171 The log file has been saved successfully to "H:\otl files\OTL.Txt"
19:02:10.562 Disk 0 MBR has been saved successfully to "F:\Documents and Settings\Bubbles2000\Desktop\MBR.dat"
19:02:10.578 The log file has been saved successfully to "F:\Documents and Settings\Bubbles2000\Desktop\aswMBR.txt"

She also said that when she is typing something, half of the letters in the first few words are missing.
Again, thank you for the help.

#11
CompCav
Step 1.

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.



Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Please post:

ComboFix.txt
TDSSKiller log


Please give me an update on how the computer is running.



#12
edhalfdead
CompCav,
Here are the reports that you requested:

ComboFix 12-05-08.02 - Bubbles2000 05/09/2012 2:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1078 [GMT -7:00]
Running from: f:\documents and settings\Bubbles2000\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\All Users\Application Data\TEMP
f:\documents and settings\Bubbles2000\Application Data\Microsoft\~DFK987bee3.tmp
f:\documents and settings\Bubbles2000\Application Data\PriceGong
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\1.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\1093.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\1707.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\1947.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\2229.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\2267.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\371.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\375.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\4436.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\4488.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\450.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\4643.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\5603.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\6081.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\6781.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\6927.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\7050.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\83.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\946.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\a.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\b.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\c.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\d.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\e.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\f.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\g.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\h.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\i.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\j.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\k.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\l.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\m.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\mru.xml
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\n.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\o.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\p.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\q.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\r.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\s.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\t.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\u.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\v.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\w.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\wlu.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\x.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\y.txt
f:\documents and settings\Bubbles2000\Application Data\PriceGong\Data\z.txt
f:\documents and settings\Bubbles2000\My Documents\ShopToWin
f:\program files\INSTALL.LOG
f:\program files\StartNow Toolbar
f:\program files\StartNow Toolbar\Resources\images\engine_images.png
f:\program files\StartNow Toolbar\Resources\images\engine_maps.png
f:\program files\StartNow Toolbar\Resources\images\engine_news.png
f:\program files\StartNow Toolbar\Resources\images\engine_videos.png
f:\program files\StartNow Toolbar\Resources\images\engine_web.png
f:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
f:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
f:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
f:\program files\StartNow Toolbar\Resources\images\icon_games.png
f:\program files\StartNow Toolbar\Resources\images\icon_msn.png
f:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
f:\program files\StartNow Toolbar\Resources\images\icon_travel.png
f:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
f:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
f:\program files\StartNow Toolbar\Resources\installer.xml
f:\program files\StartNow Toolbar\Resources\protect\index.html
f:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
f:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
f:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
f:\program files\StartNow Toolbar\Resources\protect\window.css
f:\program files\StartNow Toolbar\Resources\protect\window.js
f:\program files\StartNow Toolbar\Resources\reactivate\index.html
f:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
f:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
f:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
f:\program files\StartNow Toolbar\Resources\reactivate\window.css
f:\program files\StartNow Toolbar\Resources\reactivate\window.js
f:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
f:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
f:\program files\StartNow Toolbar\Resources\skin\separator.png
f:\program files\StartNow Toolbar\Resources\skin\splitter.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
f:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
f:\program files\StartNow Toolbar\Resources\toolbar.xml
f:\program files\StartNow Toolbar\Resources\update.xml
f:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
f:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
f:\program files\StartNow Toolbar\uninstall.dat
f:\windows\system32\Cache
f:\windows\system32\Cache\272512937d9e61a4.fb
f:\windows\system32\Cache\287204568329e189.fb
f:\windows\system32\Cache\28bc8f716fd76a47.fb
f:\windows\system32\Cache\2c53092c95605355.fb
f:\windows\system32\Cache\32c84fe32bb74d60.fb
f:\windows\system32\Cache\3917078cb68ec657.fb
f:\windows\system32\Cache\590ba23ce359fd0c.fb
f:\windows\system32\Cache\610289e025a3ee9a.fb
f:\windows\system32\Cache\64b60badb04ea7cf.fb
f:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
f:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
f:\windows\system32\Cache\6d03dad1035885d3.fb
f:\windows\system32\Cache\a8556537add6dfc5.fb
f:\windows\system32\Cache\ad10a52aff5e038d.fb
f:\windows\system32\Cache\c1fa887b03019701.fb
f:\windows\system32\Cache\c4d28dca2e7648be.fb
f:\windows\system32\Cache\d201ef9910cd39de.fb
f:\windows\system32\Cache\d2e94710a5708128.fb
f:\windows\system32\Cache\d79b9dfe81484ec4.fb
f:\windows\system32\Cache\f998975c9cc711ee.fb
f:\windows\system32\dllcache\dlimport.exe
f:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-07 21:13 . 2012-05-08 05:06 -------- dc----w- f:\documents and settings\All Users\Application Data\firebird
2012-05-07 20:39 . 2012-05-07 20:39 -------- dc----w- f:\documents and settings\Bubbles2000\Application Data\Chrysanth
2012-05-07 20:38 . 2012-05-07 20:38 -------- d-----w- f:\program files\Chrysanth
2012-05-05 19:05 . 2012-05-05 19:05 -------- d-----w- f:\program files\GNU
2012-05-05 19:05 . 2012-05-05 19:05 -------- d-----w- f:\program files\CoreAAC
2012-05-05 19:05 . 2012-05-05 19:05 -------- dc----w- f:\documents and settings\All Users\Application Data\GRETECH
2012-05-04 05:34 . 2012-05-05 01:56 -------- d-----w- f:\program files\updates
2012-05-03 14:36 . 2012-05-03 14:36 -------- dc----w- F:\_OTL
2012-05-03 11:17 . 2012-05-03 11:17 -------- d-----w- f:\program files\Inpaint
2012-05-02 04:16 . 2012-05-02 04:16 -------- d-----w- f:\windows\system32\wbem\Repository
2012-04-30 05:49 . 2012-04-30 05:49 -------- dc----w- f:\documents and settings\Bubbles2000\Local Settings\Application Data\AVG Secure Search
2012-04-26 17:23 . 2012-05-02 04:10 -------- d-----w- f:\program files\Apowersoft
2012-04-24 22:02 . 2012-04-24 22:03 15869112 -c--a-w- F:\9.0_FirefoxSetup.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 20:30 . 2011-10-03 06:31 230808 ----a-r- f:\windows\system32\cpnprt2.cid
2012-03-07 00:15 . 2012-02-07 22:55 41184 ----a-w- f:\windows\avastSS.scr
2012-03-07 00:15 . 2012-02-07 22:19 201352 ----a-w- f:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-02-07 22:56 612184 ----a-w- f:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-02-07 22:56 337880 ----a-w- f:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-07 22:56 35672 ----a-w- f:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-02-07 22:56 53848 ----a-w- f:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-02-07 22:56 95704 ----a-w- f:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-02-07 22:56 89048 ----a-w- f:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-02-07 22:56 20696 ----a-w- f:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-02-07 22:56 24920 ----a-w- f:\windows\system32\drivers\aavmker4.sys
2012-03-05 22:10 . 2012-03-24 10:26 360448 ----a-w- f:\windows\system32\myodbc3.dll
2011-10-26 00:07 . 2011-11-01 01:16 15854592 ----a-w- f:\program files\Setup.msi
2011-06-03 04:13 . 2011-11-27 06:18 2062304 -c--a-w- f:\program files\installspeedfan443.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "f:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-22 04:14 1869152 ----a-w- f:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "f:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-22 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- f:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="f:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-11-24 6497592]
"HotAlarmClock"="f:\program files\HotAlarmClock\HotAlarmClock.exe" [2012-03-04 16575824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAXA-LockTray"="f:\program files\MAXA Security Tools\Lock\tray.exe" [2009-11-10 36864]
"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Odsspo"="f:\program files\Nwmao\Rlkkhgs.exe" [2011-04-24 536576]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="f:\windows\system32\igfxpers.exe" [2007-04-17 138008]
"APSDaemon"="f:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="f:\program files\real\realplayer\update\realsched.exe" [2011-11-26 296056]
"Anti-phishing Domain Advisor"="f:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"LogMeIn GUI"="f:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"avast"="f:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"vProt"="f:\program files\AVG Secure Search\vprot.exe" [2012-03-22 982880]
"Multi Webcam Video Recorder"="f:\program files\Multi Webcam Video Recorder\webcam.exe" [2011-09-23 4930048]
.
f:\documents and settings\Bubbles2000\Start Menu\Programs\Startup\
CNET TechTracker.lnk - f:\documents and settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
Dropbox.lnk - f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
RCA Detective.lnk - f:\documents and settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe [2011-12-13 1069056]
.
f:\documents and settings\All Users\Start Menu\Programs\Startup\
STIMON.lnk - f:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2011-9-18 933888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-27 02:15 87424 ----a-w- f:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\lxcgcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Documents and Settings\\Bubbles2000\\My Documents\\Downloads\\magentic_install.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"f:\\Documents and Settings\\Bubbles2000\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [2/7/2012 3:56 PM 612184]
R1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [2/7/2012 3:56 PM 337880]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2/7/2012 3:56 PM 20696]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;f:\windows\system32\drivers\avwebcam.sys [9/10/2011 2:38 AM 13696]
R2 cvhsvc;Client Virtualization Handler;f:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [10/20/2010 3:23 PM 821664]
R2 eventloganalyzer;ManageEngine EventLog Analyzer 7.0;c:\manageengine\EventLog\bin\wrapper.exe -s c:\manageengine\EventLog\server\default\conf\wrapper.conf --> c:\manageengine\EventLog\bin\wrapper.exe -s c:\manageengine\EventLog\server\default\conf\wrapper.conf [?]
R2 sftlist;Application Virtualization Client;f:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/14/2010 5:46 AM 508264]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;f:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/21/2012 9:14 PM 918880]
R3 Sftfs;Sftfs;f:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 581480]
R3 Sftplay;Sftplay;f:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 209640]
R3 Sftredir;Sftredir;f:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;f:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;f:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/14/2010 5:46 AM 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 5:47 AM 136176]
S3 epmntdrv;epmntdrv;f:\windows\system32\epmntdrv.sys [8/25/2010 6:09 AM 13192]
S3 EuGdiDrv;EuGdiDrv;f:\windows\system32\EuGdiDrv.sys [8/25/2010 6:09 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 5:47 AM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;f:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 3:00 AM 14336]
S3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 Ql12nses;Ql12nses; [x]
S3 VDSDK;VDSDK;\??\f:\docume~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys --> f:\docume~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys [?]
S3 wimmount;wimmount;f:\windows\system32\drivers\wimmount.sys [6/15/2010 2:52 AM 19024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-22 08:05]
.
2012-05-05 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-09 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:47]
.
2012-05-09 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:47]
.
2012-05-09 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004Core1cc209613fe80f2.job
- f:\documents and settings\Bubbles2000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-27 12:47]
.
2012-05-09 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004UA.job
- f:\documents and settings\Bubbles2000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-27 12:47]
.
2012-05-09 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2012-05-09 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-500.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2012-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2012-05-06 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-500.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={5C655680-CB30-44EC-B6C7-0C3F7AD071D4}&mid=d14b832aa5ec47d08352d1544f992eb9-dd2df1969c2bebe94fc10b9d51c0a17ca29bae57&lang=en&ds=gm011&pr=sa&d=2012-03-21 21:15&v=10.2.0.3&sap=hp
mStart Page = hxxp://www.yahoo.com/?ilc=8
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - f:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - f:\documents and settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9c7a4ad5-45a5-4dfc-8f77-d9daab460007%7D&mid=d14b832aa5ec47d08352d1544f992eb9-dd2df1969c2bebe94fc10b9d51c0a17ca29bae57&ds=gm011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-21%2021%3A15%3A00&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Web2PDF converter: {e8f509f0-b677-11de-8a39-0800200c9a66} - %profile%\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Show Me More: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: [email protected] - f:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: AVG Security Toolbar: [email protected] - f:\documents and settings\All Users\Application Data\AVG Secure Search\10.2.0.3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-VRS - f:\program files\NCH Software\VRS\vrs.exe
MSConfigStartUp-Reader_sl - (no file)
AddRemove-Debut - f:\program files\NCH Software\Debut\uninst.exe
AddRemove-Doxillion - f:\program files\NCH Software\Doxillion\uninst.exe
AddRemove-ExpressZip - f:\program files\NCH Software\ExpressZip\uninst.exe
AddRemove-KeyBlaze - f:\program files\NCH Software\KeyBlaze\uninst.exe
AddRemove-StartNow Toolbar - f:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-VRS - f:\program files\NCH Software\VRS\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 02:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1647877149-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
f:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3292)
f:\windows\system32\WININET.dll
f:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
f:\documents and settings\Bubbles2000\Application Data\Dropbox\bin\DropboxExt.14.dll
f:\windows\system32\ieframe.dll
f:\program files\Windows Media Player\wmpband.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\AVAST Software\Avast\AvastSvc.exe
c:\manageengine\EventLog\bin\wrapper.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Motive\McciCMService.exe
f:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
f:\windows\system32\tcpsvcs.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\igfxsrvc.exe
f:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\manageengine\EventLog\jre\bin\java.exe
c:\manageengine\EventLog\mysql\bin\mysqld-nt.exe
c:\manageengine\EventLog\mysql\bin\mysqladmin.exe
f:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-05-09 02:42:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 09:42
.
Pre-Run: 7,015,968,768 bytes free
Post-Run: 7,129,759,744 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AC2F39F2B4C2D617F5B76A7C54EAAE03

##############################################################################################################################################

02:49:17.0843 3348 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
02:49:18.0437 3348 ============================================================
02:49:18.0437 3348 Current date / time: 2012/05/09 02:49:18.0437
02:49:18.0437 3348 SystemInfo:
02:49:18.0437 3348
02:49:18.0437 3348 OS Version: 5.1.2600 ServicePack: 3.0
02:49:18.0437 3348 Product type: Workstation
02:49:18.0437 3348 ComputerName: GARGOYLE2
02:49:18.0437 3348 UserName: Bubbles2000
02:49:18.0437 3348 Windows directory: F:\WINDOWS
02:49:18.0437 3348 System windows directory: F:\WINDOWS
02:49:18.0437 3348 Processor architecture: Intel x86
02:49:18.0437 3348 Number of processors: 2
02:49:18.0437 3348 Page size: 0x1000
02:49:18.0437 3348 Boot type: Normal boot
02:49:18.0437 3348 ============================================================
02:49:19.0515 3348 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:49:19.0984 3348 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:49:19.0984 3348 Drive \Device\Harddisk2\DR6 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:49:20.0015 3348 Drive \Device\Harddisk3\DR7 - Size: 0x1DE200000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:49:20.0015 3348 ============================================================
02:49:20.0015 3348 \Device\Harddisk0\DR0:
02:49:20.0031 3348 MBR partitions:
02:49:20.0031 3348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xCB75BE
02:49:20.0031 3348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCCAF83, BlocksNum 0x88378FB
02:49:20.0031 3348 \Device\Harddisk1\DR1:
02:49:20.0031 3348 MBR partitions:
02:49:20.0031 3348 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
02:49:20.0031 3348 \Device\Harddisk2\DR6:
02:49:20.0062 3348 MBR partitions:
02:49:20.0062 3348 \Device\Harddisk2\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
02:49:20.0062 3348 \Device\Harddisk3\DR7:
02:49:20.0062 3348 MBR partitions:
02:49:20.0062 3348 \Device\Harddisk3\DR7\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEF080
02:49:20.0062 3348 ============================================================
02:49:20.0109 3348 C: <-> \Device\Harddisk0\DR0\Partition0
02:49:20.0156 3348 D: <-> \Device\Harddisk1\DR1\Partition0
02:49:20.0218 3348 E: <-> \Device\Harddisk2\DR6\Partition0
02:49:20.0265 3348 F: <-> \Device\Harddisk0\DR0\Partition1
02:49:20.0265 3348 ============================================================
02:49:20.0265 3348 Initialize success
02:49:20.0265 3348 ============================================================
02:51:37.0500 3664 ============================================================
02:51:37.0500 3664 Scan started
02:51:37.0500 3664 Mode: Manual; SigCheck; TDLFS;
02:51:37.0500 3664 ============================================================
02:51:38.0250 3664 6to4 (c07d5197410aab28d0d93f943f59656d) F:\WINDOWS\System32\6to4svc.dll
02:51:38.0421 3664 6to4 - ok
02:51:38.0468 3664 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) F:\WINDOWS\system32\drivers\Aavmker4.sys
02:51:53.0578 3664 Aavmker4 - ok
02:51:53.0578 3664 Abiosdsk - ok
02:51:53.0578 3664 abp480n5 - ok
02:51:53.0625 3664 ACPI (8fd99680a539792a30e97944fdaecf17) F:\WINDOWS\system32\DRIVERS\ACPI.sys
02:51:53.0734 3664 ACPI - ok
02:51:53.0765 3664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) F:\WINDOWS\system32\drivers\ACPIEC.sys
02:51:53.0859 3664 ACPIEC - ok
02:51:53.0921 3664 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
02:51:53.0937 3664 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
02:51:53.0937 3664 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
02:51:53.0937 3664 adpu160m - ok
02:51:53.0968 3664 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
02:51:54.0078 3664 aec - ok
02:51:54.0109 3664 AFD (1e44bc1e83d8fd2305f8d452db109cf9) F:\WINDOWS\System32\drivers\afd.sys
02:51:54.0156 3664 AFD - ok
02:51:54.0156 3664 Aha154x - ok
02:51:54.0156 3664 aic78u2 - ok
02:51:54.0156 3664 aic78xx - ok
02:51:54.0187 3664 Alerter (a9a3daa780ca6c9671a19d52456705b4) F:\WINDOWS\system32\alrsvc.dll
02:51:54.0281 3664 Alerter - ok
02:51:54.0312 3664 ALG (8c515081584a38aa007909cd02020b3d) F:\WINDOWS\System32\alg.exe
02:51:54.0375 3664 ALG - ok
02:51:54.0375 3664 AliIde - ok
02:51:54.0375 3664 amsint - ok
02:51:54.0375 3664 AppMgmt - ok
02:51:54.0390 3664 asc - ok
02:51:54.0390 3664 asc3350p - ok
02:51:54.0390 3664 asc3550 - ok
02:51:54.0468 3664 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:51:54.0468 3664 aspnet_state - ok
02:51:54.0515 3664 aswFsBlk (0ae43c6c411254049279c2ee55630f95) F:\WINDOWS\system32\drivers\aswFsBlk.sys
02:51:54.0531 3664 aswFsBlk - ok
02:51:54.0578 3664 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) F:\WINDOWS\system32\drivers\aswMon2.sys
02:51:54.0593 3664 aswMon2 - ok
02:51:54.0593 3664 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) F:\WINDOWS\system32\drivers\aswRdr.sys
02:51:54.0609 3664 aswRdr - ok
02:51:54.0640 3664 aswSnx (dcb199b967375753b5019ec15f008f53) F:\WINDOWS\system32\drivers\aswSnx.sys
02:51:54.0687 3664 aswSnx - ok
02:51:54.0718 3664 aswSP (b32873e5a1443c0a1e322266e203bf10) F:\WINDOWS\system32\drivers\aswSP.sys
02:51:54.0750 3664 aswSP - ok
02:51:54.0781 3664 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) F:\WINDOWS\system32\drivers\aswTdi.sys
02:51:54.0796 3664 aswTdi - ok
02:51:54.0828 3664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:51:54.0921 3664 AsyncMac - ok
02:51:54.0937 3664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
02:51:55.0046 3664 atapi - ok
02:51:55.0046 3664 Atdisk - ok
02:51:55.0062 3664 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:51:55.0156 3664 Atmarpc - ok
02:51:55.0187 3664 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) F:\WINDOWS\System32\audiosrv.dll
02:51:55.0281 3664 AudioSrv - ok
02:51:55.0312 3664 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
02:51:55.0406 3664 audstub - ok
02:51:55.0531 3664 avast! Antivirus (4041d31508a2a084dfb42c595854090f) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:51:55.0531 3664 avast! Antivirus - ok
02:51:55.0578 3664 AVWEBCAM (08270114009e3e8891120c9ff651123b) F:\WINDOWS\system32\DRIVERS\avwebcam.sys
02:51:55.0578 3664 AVWEBCAM ( UnsignedFile.Multi.Generic ) - warning
02:51:55.0578 3664 AVWEBCAM - detected UnsignedFile.Multi.Generic (1)
02:51:55.0609 3664 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
02:51:55.0734 3664 Beep - ok
02:51:55.0765 3664 BITS (574738f61fca2935f5265dc4e5691314) F:\WINDOWS\system32\qmgr.dll
02:51:55.0906 3664 BITS - ok
02:51:55.0937 3664 Browser (a06ce3399d16db864f55faeb1f1927a9) F:\WINDOWS\System32\browser.dll
02:51:56.0031 3664 Browser - ok
02:51:56.0031 3664 catchme - ok
02:51:56.0062 3664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
02:51:56.0171 3664 cbidf2k - ok
02:51:56.0203 3664 CCDECODE (0be5aef125be881c4f854c554f2b025c) F:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:51:56.0312 3664 CCDECODE - ok
02:51:56.0312 3664 cd20xrnt - ok
02:51:56.0328 3664 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
02:51:56.0453 3664 Cdaudio - ok
02:51:56.0484 3664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
02:51:56.0578 3664 Cdfs - ok
02:51:56.0593 3664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
02:51:56.0687 3664 Cdrom - ok
02:51:56.0718 3664 cercsr6 (84853b3fd012251690570e9e7e43343f) F:\WINDOWS\system32\drivers\cercsr6.sys
02:51:56.0734 3664 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
02:51:56.0734 3664 cercsr6 - detected UnsignedFile.Multi.Generic (1)
02:51:56.0734 3664 Changer - ok
02:51:56.0750 3664 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) F:\WINDOWS\system32\cisvc.exe
02:51:56.0859 3664 CiSvc - ok
02:51:56.0875 3664 ClipSrv (34cbe729f38138217f9c80212a2a0c82) F:\WINDOWS\system32\clipsrv.exe
02:51:56.0984 3664 ClipSrv - ok
02:51:57.0046 3664 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:51:57.0046 3664 clr_optimization_v2.0.50727_32 - ok
02:51:57.0140 3664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:51:57.0156 3664 clr_optimization_v4.0.30319_32 - ok
02:51:57.0156 3664 CmdIde - ok
02:51:57.0156 3664 COMSysApp - ok
02:51:57.0171 3664 Cpqarray - ok
02:51:57.0187 3664 CryptSvc (3d4e199942e29207970e04315d02ad3b) F:\WINDOWS\System32\cryptsvc.dll
02:51:57.0296 3664 CryptSvc - ok
02:51:57.0609 3664 cvhsvc (344546d11d7e6d9f481e9d3abc6e76cb) F:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:51:57.0640 3664 cvhsvc - ok
02:51:57.0656 3664 dac2w2k - ok
02:51:57.0656 3664 dac960nt - ok
02:51:57.0703 3664 DcomLaunch (6b27a5c03dfb94b4245739065431322c) F:\WINDOWS\system32\rpcss.dll
02:51:57.0750 3664 DcomLaunch - ok
02:51:57.0781 3664 Dhcp (5e38d7684a49cacfb752b046357e0589) F:\WINDOWS\System32\dhcpcsvc.dll
02:51:57.0906 3664 Dhcp - ok
02:51:57.0937 3664 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
02:51:58.0046 3664 Disk - ok
02:51:58.0046 3664 dmadmin - ok
02:51:58.0093 3664 dmboot (d992fe1274bde0f84ad826acae022a41) F:\WINDOWS\system32\drivers\dmboot.sys
02:51:58.0218 3664 dmboot - ok
02:51:58.0265 3664 dmio (7c824cf7bbde77d95c08005717a95f6f) F:\WINDOWS\system32\drivers\dmio.sys
02:51:58.0375 3664 dmio - ok
02:51:58.0406 3664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
02:51:58.0500 3664 dmload - ok
02:51:58.0515 3664 dmserver (57edec2e5f59f0335e92f35184bc8631) F:\WINDOWS\System32\dmserver.dll
02:51:58.0609 3664 dmserver - ok
02:51:58.0625 3664 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
02:51:58.0718 3664 DMusic - ok
02:51:58.0765 3664 Dnscache (5f7e24fa9eab896051ffb87f840730d2) F:\WINDOWS\System32\dnsrslvr.dll
02:51:58.0796 3664 Dnscache - ok
02:51:58.0828 3664 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) F:\WINDOWS\System32\dot3svc.dll
02:51:58.0921 3664 Dot3svc - ok
02:51:58.0921 3664 dpti2o - ok
02:51:58.0937 3664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
02:51:59.0031 3664 drmkaud - ok
02:51:59.0062 3664 e1express (34aaa3b298a852b3663e6e0d94d12945) F:\WINDOWS\system32\DRIVERS\e1e5132.sys
02:51:59.0093 3664 e1express - ok
02:51:59.0140 3664 EapHost (2187855a7703adef0cef9ee4285182cc) F:\WINDOWS\System32\eapsvc.dll
02:51:59.0250 3664 EapHost - ok
02:51:59.0281 3664 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) F:\WINDOWS\system32\epmntdrv.sys
02:51:59.0312 3664 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
02:51:59.0312 3664 epmntdrv - detected UnsignedFile.Multi.Generic (1)
02:51:59.0328 3664 ERSvc (bc93b4a066477954555966d77fec9ecb) F:\WINDOWS\System32\ersvc.dll
02:51:59.0437 3664 ERSvc - ok
02:51:59.0437 3664 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) F:\WINDOWS\system32\EuGdiDrv.sys
02:51:59.0468 3664 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
02:51:59.0468 3664 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
02:51:59.0484 3664 Eventlog (65df52f5b8b6e9bbd183505225c37315) F:\WINDOWS\system32\services.exe
02:51:59.0515 3664 Eventlog - ok
02:51:59.0562 3664 eventloganalyzer - ok
02:51:59.0593 3664 EventSystem (d4991d98f2db73c60d042f1aef79efae) F:\WINDOWS\system32\es.dll
02:51:59.0609 3664 EventSystem - ok
02:51:59.0656 3664 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
02:51:59.0750 3664 Fastfat - ok
02:51:59.0812 3664 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) F:\WINDOWS\System32\shsvcs.dll
02:51:59.0828 3664 FastUserSwitchingCompatibility - ok
02:51:59.0843 3664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
02:51:59.0953 3664 Fdc - ok
02:51:59.0968 3664 Fips (d45926117eb9fa946a6af572fbe1caa3) F:\WINDOWS\system32\drivers\Fips.sys
02:52:00.0062 3664 Fips - ok
02:52:00.0109 3664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:52:00.0203 3664 Flpydisk - ok
02:52:00.0234 3664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\drivers\fltmgr.sys
02:52:00.0328 3664 FltMgr - ok
02:52:00.0406 3664 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:52:00.0406 3664 FontCache3.0.0.0 - ok
02:52:00.0437 3664 FreshIO - ok
02:52:00.0453 3664 fssfltr (e0087225b137e57239ff40f8ae82059b) F:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
02:52:00.0468 3664 fssfltr - ok
02:52:00.0546 3664 fsssvc (45b52394f9624237f33a8a3d73c0b221) F:\Program Files\Windows Live\Family Safety\fsssvc.exe
02:52:00.0593 3664 fsssvc - ok
02:52:00.0625 3664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
02:52:00.0734 3664 Fs_Rec - ok
02:52:00.0750 3664 Ftdisk (6ac26732762483366c3969c9e4d2259d) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:52:00.0859 3664 Ftdisk - ok
02:52:00.0875 3664 giveio (77ebf3e9386daa51551af429052d88d0) F:\WINDOWS\system32\giveio.sys
02:52:00.0890 3664 giveio ( UnsignedFile.Multi.Generic ) - warning
02:52:00.0890 3664 giveio - detected UnsignedFile.Multi.Generic (1)
02:52:00.0921 3664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
02:52:01.0031 3664 Gpc - ok
02:52:01.0078 3664 gupdate (f02a533f517eb38333cb12a9e8963773) F:\Program Files\Google\Update\GoogleUpdate.exe
02:52:01.0093 3664 gupdate - ok
02:52:01.0093 3664 gupdatem (f02a533f517eb38333cb12a9e8963773) F:\Program Files\Google\Update\GoogleUpdate.exe
02:52:01.0093 3664 gupdatem - ok
02:52:01.0109 3664 HDAudBus (573c7d0a32852b48f3058cfd8026f511) F:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:52:01.0218 3664 HDAudBus - ok
02:52:01.0296 3664 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:52:01.0390 3664 helpsvc - ok
02:52:01.0406 3664 HidServ (deb04da35cc871b6d309b77e1443c796) F:\WINDOWS\System32\hidserv.dll
02:52:01.0515 3664 HidServ - ok
02:52:01.0531 3664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
02:52:01.0640 3664 hidusb - ok
02:52:01.0671 3664 hkmsvc (8878bd685e490239777bfe51320b88e9) F:\WINDOWS\System32\kmsvc.dll
02:52:01.0765 3664 hkmsvc - ok
02:52:01.0781 3664 hpn - ok
02:52:01.0812 3664 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
02:52:01.0843 3664 HTTP - ok
02:52:01.0875 3664 HTTPFilter (6100a808600f44d999cebdef8841c7a3) F:\WINDOWS\System32\w3ssl.dll
02:52:01.0984 3664 HTTPFilter - ok
02:52:01.0984 3664 i2omgmt - ok
02:52:01.0984 3664 i2omp - ok
02:52:02.0015 3664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) F:\WINDOWS\system32\drivers\i8042prt.sys
02:52:02.0109 3664 i8042prt - ok
02:52:02.0734 3664 ialm (28423512370705aeda6a652fedb25468) F:\WINDOWS\system32\DRIVERS\igxpmp32.sys
02:52:03.0390 3664 ialm - ok
02:52:03.0531 3664 idsvc (c01ac32dc5c03076cfb852cb5da5229c) F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:52:03.0593 3664 idsvc - ok
02:52:03.0671 3664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
02:52:03.0765 3664 Imapi - ok
02:52:03.0796 3664 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) F:\WINDOWS\system32\imapi.exe
02:52:03.0906 3664 ImapiService - ok
02:52:03.0906 3664 ini910u - ok
02:52:04.0125 3664 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) F:\WINDOWS\system32\drivers\RtkHDAud.sys
02:52:04.0625 3664 IntcAzAudAddService - ok
02:52:04.0718 3664 IntelIde - ok
02:52:04.0750 3664 intelppm (8c953733d8f36eb2133f5bb58808b66b) F:\WINDOWS\system32\DRIVERS\intelppm.sys
02:52:04.0843 3664 intelppm - ok
02:52:04.0875 3664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\drivers\ip6fw.sys
02:52:04.0968 3664 Ip6Fw - ok
02:52:05.0015 3664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:52:05.0093 3664 IpFilterDriver - ok
02:52:05.0140 3664 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
02:52:05.0250 3664 IpInIp - ok
02:52:05.0281 3664 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
02:52:05.0375 3664 IpNat - ok
02:52:05.0406 3664 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
02:52:05.0500 3664 IPSec - ok
02:52:05.0515 3664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
02:52:05.0562 3664 IRENUM - ok
02:52:05.0578 3664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) F:\WINDOWS\system32\DRIVERS\isapnp.sys
02:52:05.0687 3664 isapnp - ok
02:52:05.0765 3664 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) F:\Program Files\Java\jre6\bin\jqs.exe
02:52:05.0781 3664 JavaQuickStarterService - ok
02:52:05.0796 3664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:52:05.0890 3664 Kbdclass - ok
02:52:05.0906 3664 kbdhid (9ef487a186dea361aa06913a75b3fa99) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:52:06.0000 3664 kbdhid - ok
02:52:06.0031 3664 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
02:52:06.0125 3664 kmixer - ok
02:52:06.0156 3664 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
02:52:06.0187 3664 KSecDD - ok
02:52:06.0234 3664 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) F:\WINDOWS\System32\srvsvc.dll
02:52:06.0265 3664 lanmanserver - ok
02:52:06.0296 3664 lanmanworkstation (a8888a5327621856c0cec4e385f69309) F:\WINDOWS\System32\wkssvc.dll
02:52:06.0343 3664 lanmanworkstation - ok
02:52:06.0343 3664 lbrtfdc - ok
02:52:06.0375 3664 LmHosts (a7db739ae99a796d91580147e919cc59) F:\WINDOWS\System32\lmhsvc.dll
02:52:06.0484 3664 LmHosts - ok
02:52:06.0484 3664 lxcg_device - ok
02:52:06.0578 3664 McciCMService (e6cb119ef2e148eaa1a247343550756e) F:\Program Files\Common Files\Motive\McciCMService.exe
02:52:06.0593 3664 McciCMService ( UnsignedFile.Multi.Generic ) - warning
02:52:06.0593 3664 McciCMService - detected UnsignedFile.Multi.Generic (1)
02:52:06.0609 3664 Messenger (986b1ff5814366d71e0ac5755c88f2d3) F:\WINDOWS\System32\msgsvc.dll
02:52:06.0703 3664 Messenger - ok
02:52:06.0734 3664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
02:52:06.0812 3664 mnmdd - ok
02:52:06.0843 3664 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) F:\WINDOWS\system32\mnmsrvc.exe
02:52:06.0953 3664 mnmsrvc - ok
02:52:06.0984 3664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) F:\WINDOWS\system32\drivers\Modem.sys
02:52:07.0078 3664 Modem - ok
02:52:07.0109 3664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) F:\WINDOWS\system32\DRIVERS\mouclass.sys
02:52:07.0203 3664 Mouclass - ok
02:52:07.0218 3664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) F:\WINDOWS\system32\DRIVERS\mouhid.sys
02:52:07.0312 3664 mouhid - ok
02:52:07.0343 3664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
02:52:07.0437 3664 MountMgr - ok
02:52:07.0437 3664 mraid35x - ok
02:52:07.0437 3664 MREMP50 - ok
02:52:07.0453 3664 MRESP50 - ok
02:52:07.0484 3664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:52:07.0578 3664 MRxDAV - ok
02:52:07.0625 3664 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:52:07.0656 3664 MRxSmb - ok
02:52:07.0687 3664 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) F:\WINDOWS\system32\msdtc.exe
02:52:07.0796 3664 MSDTC - ok
02:52:07.0812 3664 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
02:52:07.0906 3664 Msfs - ok
02:52:07.0921 3664 MSIServer - ok
02:52:07.0937 3664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
02:52:08.0031 3664 MSKSSRV - ok
02:52:08.0046 3664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:52:08.0140 3664 MSPCLOCK - ok
02:52:08.0156 3664 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
02:52:08.0250 3664 MSPQM - ok
02:52:08.0265 3664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:52:08.0359 3664 mssmbios - ok
02:52:08.0390 3664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) F:\WINDOWS\system32\drivers\MSTEE.sys
02:52:08.0484 3664 MSTEE - ok
02:52:08.0531 3664 Mup (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
02:52:08.0562 3664 Mup - ok
02:52:08.0593 3664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:52:08.0718 3664 NABTSFEC - ok
02:52:08.0765 3664 napagent (0102140028fad045756796e1c685d695) F:\WINDOWS\System32\qagentrt.dll
02:52:08.0875 3664 napagent - ok
02:52:08.0906 3664 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
02:52:09.0000 3664 NDIS - ok
02:52:09.0031 3664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) F:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:52:09.0140 3664 NdisIP - ok
02:52:09.0171 3664 NdisTapi (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:52:09.0187 3664 NdisTapi - ok
02:52:09.0203 3664 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:52:09.0281 3664 Ndisuio - ok
02:52:09.0312 3664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:52:09.0406 3664 NdisWan - ok
02:52:09.0437 3664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
02:52:09.0453 3664 NDProxy - ok
02:52:09.0484 3664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
02:52:09.0593 3664 NetBIOS - ok
02:52:09.0609 3664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
02:52:09.0703 3664 NetBT - ok
02:52:09.0734 3664 NetDDE (b857ba82860d7ff85ae29b095645563b) F:\WINDOWS\system32\netdde.exe
02:52:09.0859 3664 NetDDE - ok
02:52:09.0859 3664 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) F:\WINDOWS\system32\netdde.exe
02:52:09.0953 3664 NetDDEdsdm - ok
02:52:09.0984 3664 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
02:52:10.0078 3664 Netlogon - ok
02:52:10.0109 3664 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) F:\WINDOWS\System32\netman.dll
02:52:10.0203 3664 Netman - ok
02:52:10.0281 3664 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:52:10.0296 3664 NetTcpPortSharing - ok
02:52:10.0359 3664 Nla (943337d786a56729263071623bbb9de5) F:\WINDOWS\System32\mswsock.dll
02:52:10.0375 3664 Nla - ok
02:52:10.0437 3664 nosGetPlusHelper (ef7a048fe8e3f102c78c9bd7c448bb6c) F:\Program Files\NOS\bin\getPlus_Helper_3004.dll
02:52:10.0437 3664 nosGetPlusHelper - ok
02:52:10.0468 3664 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
02:52:10.0562 3664 Npfs - ok
02:52:10.0593 3664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
02:52:10.0687 3664 Ntfs - ok
02:52:10.0703 3664 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
02:52:10.0796 3664 NtLmSsp - ok
02:52:10.0843 3664 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) F:\WINDOWS\system32\ntmssvc.dll
02:52:10.0953 3664 NtmsSvc - ok
02:52:10.0968 3664 NuidFltr (cf7e041663119e09d2e118521ada9300) F:\WINDOWS\system32\DRIVERS\NuidFltr.sys
02:52:10.0984 3664 NuidFltr - ok
02:52:11.0000 3664 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
02:52:11.0109 3664 Null - ok
02:52:11.0140 3664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:52:11.0234 3664 NwlnkFlt - ok
02:52:11.0250 3664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:52:11.0343 3664 NwlnkFwd - ok
02:52:11.0406 3664 ose (9d10f99a6712e28f8acd5641e3a7ea6b) F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:52:11.0421 3664 ose - ok
02:52:11.0609 3664 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:52:12.0171 3664 osppsvc - ok
02:52:12.0281 3664 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) F:\WINDOWS\system32\p2pgasvc.dll
02:52:12.0390 3664 p2pgasvc - ok
02:52:12.0421 3664 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) F:\WINDOWS\system32\p2psvc.dll
02:52:12.0562 3664 p2pimsvc - ok
02:52:12.0578 3664 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) F:\WINDOWS\system32\p2psvc.dll
02:52:12.0687 3664 p2psvc - ok
02:52:12.0734 3664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) F:\WINDOWS\system32\drivers\Parport.sys
02:52:12.0843 3664 Parport - ok
02:52:25.0625 3664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:52:25.0796 3664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:52:25.0796 3664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:52:25.0796 3664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
02:52:26.0296 3664 \Device\Harddisk1\DR1 - ok
02:52:26.0312 3664 MBR (0x1B8) (dbae2d9d3daf77f43bec3269a0c1e08b) \Device\Harddisk2\DR6
02:52:29.0000 3664 \Device\Harddisk2\DR6 - ok
02:52:29.0000 3664 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk3\DR7
02:52:29.0609 3664 \Device\Harddisk3\DR7 - ok
02:52:29.0625 3664 Boot (0x1200) (da2049322eeb50b8033e36f736710861) \Device\Harddisk0\DR0\Partition0
02:52:29.0625 3664 \Device\Harddisk0\DR0\Partition0 - ok
02:52:29.0640 3664 Boot (0x1200) (9eb6174a38e6ae7529a5536f6c617d96) \Device\Harddisk0\DR0\Partition1
02:52:29.0640 3664 \Device\Harddisk0\DR0\Partition1 - ok
02:52:29.0640 3664 Boot (0x1200) (27f17e406e2a5d73efdbe2769adef8a4) \Device\Harddisk1\DR1\Partition0
02:52:29.0640 3664 \Device\Harddisk1\DR1\Partition0 - ok
02:52:29.0656 3664 Boot (0x1200) (feb664e36cef32d24cdb05e5c5f1672e) \Device\Harddisk2\DR6\Partition0
02:52:29.0656 3664 \Device\Harddisk2\DR6\Partition0 - ok
02:52:29.0656 3664 Boot (0x1200) (061e94419b33902f6129047860448db1) \Device\Harddisk3\DR7\Partition0
02:52:29.0656 3664 \Device\Harddisk3\DR7\Partition0 - ok
02:52:29.0656 3664 ============================================================
02:52:29.0656 3664 Scan finished
02:52:29.0656 3664 ============================================================
02:52:29.0765 3644 Detected object count: 8
02:52:29.0765 3644 Actual detected object count: 8
02:57:27.0250 3644 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0250 3644 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0250 3644 AVWEBCAM ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0250 3644 AVWEBCAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0250 3644 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0265 3644 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0265 3644 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0265 3644 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0265 3644 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0265 3644 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0265 3644 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0265 3644 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0265 3644 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
02:57:27.0265 3644 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:57:27.0265 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
02:57:27.0265 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#################################################################################################################################################

At this time when the computer starts, Yahoo instant messenger pops up

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

At this time when the computer starts, Yahoo instant messenger pops up

This is a setting in Yahoo Messenger


Open Yahoo Messenger > Click on Messenger on the top toolbar > Preferences > General > Untick: When I Start my Computer "Automatically Start Yahoo Messenger" > APPLY > OK.


How is the computer performing otherwise?

#14
edhalfdead

edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
She said that everything else seems to be okay. Automatic updates is working, firewall is on. Firefox is okay, no re-directs, pages are opening at normal speed.
I think you got this one taken care of.
My roommate and I both thank you CompCav. You did a great job. :cheers:
And once again, thank you for your patience. :thumbsup: ...ed

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.