Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cxpfy - double underlined links appearing everywhere

Started by purplekat , May 18 2012 06:34 AM

  • Please log in to reply

#1
purplekat
Posted 18 May 2012 - 06:34 AM

purplekat

    New Member

  • Member
  • Pip
  • 6 posts
Hi,
This morning when I went on the net I noticed that random words on posts in a forum were appearing blue and doubleunderlined. Hovering over the word didn't seem to show anything dodgy so I tried clicking on one and it showed as cxpfy.com then went through to some search page I'd never heard of before. These links are now appearing on every web page I visit.

I have scanned with AVG 2012 which found nothing, and with Malware Bytes anti malware which found PUP.Bundle.Installer.OI.

This seemed to have tagged onto something I downloaded yesterday which flagged as a threat so I aborted download but it still seemed to have done it - I think it may be something to do with babylon search which I thought I'd managed to uninstall.



OTL logfile created on: 18/05/2012 13:03:40 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 64.68% Memory free
7.74 Gb Paging File | 6.06 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150.80 Gb Total Space | 76.97 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive D: | 226.00 Gb Total Space | 225.89 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 13:03:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/05/04 20:22:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/04 18:42:20 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/04 08:40:56 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/05/04 08:40:54 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/04 07:50:30 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/06/14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/11/16 11:56:14 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/11/12 19:30:22 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/17 16:56:31 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/05/04 20:22:10 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 18:42:20 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/03/26 22:39:00 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/12/16 18:05:54 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/13 15:42:58 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/07/13 15:41:54 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/07/13 15:41:54 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/07/13 15:41:54 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/07/13 15:41:54 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/07/13 15:41:54 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/07/13 15:41:54 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/07/13 15:41:54 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/07/13 15:41:54 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll
MOD - [2011/07/13 15:41:54 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/07/13 15:41:54 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/07/13 15:41:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll
MOD - [2011/07/13 15:41:54 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/07/13 15:41:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
MOD - [2011/07/13 15:41:52 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/07/13 15:12:46 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
MOD - [2011/07/13 15:12:46 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
MOD - [2011/07/13 15:12:18 | 000,378,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll
MOD - [2011/07/13 15:12:18 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll
MOD - [2011/07/13 15:12:16 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll
MOD - [2011/07/13 15:12:14 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll
MOD - [2011/07/13 15:12:14 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/07/13 15:12:14 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll
MOD - [2011/07/13 15:11:06 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2009/08/18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/02/03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/04 20:22:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 08:40:56 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/04 08:41:12 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 21:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012/05/17 16:56:30 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2012/05/04 08:41:12 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/05/04 08:41:12 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...380sk5sy481hu58
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...380sk5sy481hu58
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000262d1d3290
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB436GB436
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=75923829-f29a-4836-a5e3-bdef959e3475&query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-04 18:34:01&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:01&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox [2011/08/07 22:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/17 16:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 18:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 16:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/15 11:57:17 | 000,000,000 | ---D | M]

[2011/06/18 15:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/05/17 16:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\extensions
[2012/05/17 15:59:48 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\extensions\[email protected]
[2012/05/04 20:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/04 18:33:11 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/04 20:22:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 20:22:08 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/04 18:33:53 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/17 15:59:08 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/05/04 20:22:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/04 20:22:08 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 20:22:08 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/07 22:03:15 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/05/04 20:22:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 20:22:08 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [Spotify] C:\Users\User\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{610D1C2C-3E68-415E-852B-1B7DBE78FE31}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ff873907-40d3-11e0-b072-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff873907-40d3-11e0-b072-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4504AD34-C8F2-4BD2-9393-F0E48D3A6E28}
[2012/05/18 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{809B2B67-CB5F-4698-AF44-76A9EABBC694}
[2012/05/18 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/05/18 11:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/18 11:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/18 11:01:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/18 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/18 09:08:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BC841B5E-F25B-42DE-B3B9-3AF67048ABFE}
[2012/05/18 09:08:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4CA40CB5-A657-48F1-B90A-C5A0BD3F6D77}
[2012/05/17 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{604E8508-6E96-483C-AA65-D69D2CD549F1}
[2012/05/17 16:56:29 | 000,101,360 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/05/17 16:56:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Trusteer
[2012/05/17 16:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/05/17 16:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2012/05/17 16:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/05/17 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{591C1F8D-E4B8-4F95-B00B-D8E833ED3393}
[2012/05/17 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A48FC917-C425-4BE9-B5E2-8DE53E77D34D}
[2012/05/17 16:40:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8AAFB56F-008B-4692-B0B0-FF421E9149B6}
[2012/05/17 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E2F97B17-5D7F-4D30-A11F-2459D75523D4}
[2012/05/17 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A624500C-151E-4761-ABEA-BEBEB07A7F8F}
[2012/05/17 15:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/17 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/17 10:29:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF7F198D-E576-4F33-94D2-63F6446D13C8}
[2012/05/17 10:28:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1456D3B4-280F-4C17-8E50-BC46E7648B4A}
[2012/05/15 18:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/15 18:42:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{261A34FA-5256-4BA6-9649-6B3F154A9971}
[2012/05/15 18:42:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6EEE6A2A-FD2A-4320-A4E0-E4CC238DFF4F}
[2012/05/14 19:49:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C78B2BA-4DF7-47C2-8B28-3B38EC23AAA4}
[2012/05/14 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{17EB5ABE-B12A-4DEB-8AA2-ECF35CDD99D9}
[2012/05/14 09:35:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E337F041-7857-4101-8E76-65EF02DDD368}
[2012/05/14 09:35:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{13EA3EB2-1A69-445B-BD5E-4E5CF8F540C7}
[2012/05/14 09:09:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DBE17BEB-45D3-4C97-B835-B6500795C89A}
[2012/05/14 09:09:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB4F0F86-2D34-4339-B311-C2807472AB7C}
[2012/05/13 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28755F7F-1D85-4B0C-BBC2-FC4B1A49C30D}
[2012/05/13 17:08:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6704D533-7906-4EB7-AD7F-753948024D06}
[2012/05/12 18:58:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AF8282ED-31AE-43C6-B0BA-417B1405E2E6}
[2012/05/12 18:57:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D1676531-D9F2-4784-9450-EE6DFDF070EE}
[2012/05/12 10:05:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F95333C-E137-4D50-8F1E-49F09A938759}
[2012/05/12 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0CDEB82-3998-4965-82D3-6D763CF93BF7}
[2012/05/11 12:13:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A4A1BA7B-9621-424B-A1CA-831AD3309D0D}
[2012/05/11 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9EE2779E-FE74-485D-AD4A-8EE4C3A3C7A9}
[2012/05/11 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{374215A1-B608-4419-A3F1-6F941B30482F}
[2012/05/11 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E554C283-96B5-4507-84E8-C5FBE2797FFF}
[2012/05/10 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9F47DE1F-6C31-4092-8B58-0F9DC2969E4D}
[2012/05/10 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AD722571-4869-4162-B30A-E0429F79FBFA}
[2012/05/09 19:40:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{86B952A2-A3BE-46DD-9E45-068B76B42AE3}
[2012/05/09 19:39:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C853A4A9-5A54-4142-9970-FDBD407C9C3D}
[2012/05/09 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5DC7BC74-37BF-40D5-8A63-E56DC1A7D549}
[2012/05/09 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{75532381-FD58-402C-A4AB-7F32DDB31FC3}
[2012/05/09 15:35:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A1264EF4-E172-4ED7-B705-75EFF3EC89E3}
[2012/05/09 15:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E82362A-3BDD-46CD-89F9-26115A911F46}
[2012/05/09 09:23:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8EF7CA5B-217B-45B3-9E76-62F388716E88}
[2012/05/09 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A860184-3F7C-40EA-A46A-04DC1F906C0E}
[2012/05/08 19:03:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A357ED3-168F-48D0-B48D-5B0BF3F511D1}
[2012/05/08 19:03:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FB685429-5906-45E7-965A-4B0AD1FDD5D9}
[2012/05/08 07:56:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E551201-04B4-43EC-9CA9-89C69EB7C608}
[2012/05/08 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{269DE3FD-392C-43A6-B6EA-AF91B1510392}
[2012/05/07 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B1C6E79E-F573-4987-BA77-72857A69A53A}
[2012/05/07 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF8489C2-D1AA-4956-B727-B6728A433447}
[2012/05/06 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9DCE6EB4-D31E-45B8-A1B0-1E668491A13A}
[2012/05/06 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A3195858-FDAC-432E-A90D-3D9A779C0DD7}
[2012/05/06 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D31ACADF-E900-43DA-AA5D-94AC0F0BA791}
[2012/05/06 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1304C9FE-80A4-4E2E-8DF2-019F2940AFB8}
[2012/05/05 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{871DE02F-5FDC-4238-B4C0-92BF65BDDAC9}
[2012/05/05 08:17:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61EB4DE8-46B2-4472-A754-79E281F693D8}
[2012/05/04 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/04 20:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/04 18:43:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23150882-9896-4C93-B07D-298DF4F310A5}
[2012/05/04 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A69DF7AA-63D7-4B33-B0C7-8B4FB6D82020}
[2012/05/04 18:32:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/05/04 18:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/04 16:11:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0A60856D-6E5A-4F23-9A33-4519249FD4EE}
[2012/05/04 16:10:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F9AAC0EC-2A30-46A1-8B60-DD9C4246FB66}
[2012/05/04 12:13:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64278FB5-CAF0-465D-A5A5-EB32EFD63434}
[2012/05/04 12:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FAC88EF8-8892-411D-A4ED-B32B35DD7C50}
[2012/05/04 09:14:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF909A9D-1602-48CA-A902-EF3ABE3913AA}
[2012/05/04 09:13:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C7B2FC-DDEB-4BA1-BCE8-65AD5947C410}
[2012/05/03 22:08:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7EEFC785-E976-4E13-AE4D-8E001C97CC89}
[2012/05/03 22:07:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F3A7955-315D-412D-9FCE-B9C549A0874A}
[2012/05/03 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B64FD2F4-F44D-4FD2-96B4-5C1DA2EEF872}
[2012/05/03 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99DA4407-09B3-4FCC-B98B-414C9F273CAD}
[2012/05/03 08:15:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{92CEB1AF-740C-4B3D-995D-E31720CF7C61}
[2012/05/03 08:14:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7A42B014-4C3E-4CCB-AE7B-F7AD22251194}
[2012/05/02 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8F09DAE3-1F1C-458E-A909-A77EF724F3AF}
[2012/05/02 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAAE6492-D02C-4E24-8079-03FB391DD310}
[2012/05/02 09:11:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{46A67CCB-EFF6-46A4-9126-C033321E88FF}
[2012/05/02 09:11:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{778E6913-3E19-494E-A864-32958E820D66}
[2012/05/01 18:54:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{366C3A2C-D3C9-4359-9DBF-48216CFF6E23}
[2012/05/01 07:56:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1A97A5EB-7139-4F9F-8D4D-1EBB63821891}
[2012/05/01 07:56:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA9076FD-BF27-42ED-B0FD-EFC1FC70D0B8}
[2012/04/30 18:45:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2B0E6B4-7C97-462D-BBDA-B679E0F87774}
[2012/04/30 18:45:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{54285735-AC94-42D1-B74A-DD16B8EE26DC}
[2012/04/30 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B7FBA503-3F32-46B5-92B4-8898D4D39A54}
[2012/04/30 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F9A1C1E-E8D2-4C3F-8796-5160D0AD5CB2}
[2012/04/29 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7BB6BEBD-E6D5-4841-8FE4-BB511F29FAAA}
[2012/04/29 15:55:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A8313082-B66A-43D7-8894-56816B7097D4}
[2012/04/29 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0C7ED099-DC7B-48E4-BC15-82B86BC07C7E}
[2012/04/28 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{11188811-D470-4C80-9440-D784A73F12D6}
[2012/04/28 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{46402F91-1B6E-46D3-BE68-075D9FB6111C}
[2012/04/28 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{69993431-E856-429C-9238-81A85190BE49}
[2012/04/28 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{246E6AAC-6642-4D8E-921F-991D925AB119}
[2012/04/28 08:04:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7C2AC2B2-D9A4-4E4B-9D21-DF65923177CD}
[2012/04/28 08:04:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E940C34C-6D87-46CC-97EE-8FBF2DC7A745}
[2012/04/27 17:37:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F37577A0-F701-4A82-9036-0C634065D106}
[2012/04/27 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C444AB77-AB2C-44C4-A433-76F18E7FFD36}
[2012/04/27 08:37:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A0E341FC-E303-4D3F-9EE8-2162C5004AE6}
[2012/04/27 08:37:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{86BC9D1E-3116-4603-9810-AF39F5E37EB3}
[2012/04/27 07:45:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E246F7C3-0BFC-4A0F-8358-222460BD7F64}
[2012/04/27 07:45:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6AEC536F-11DC-41D9-A65D-990E8E4B72B6}
[2012/04/26 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F84F4742-6C76-4041-98DF-82E829B8FEE5}
[2012/04/26 21:10:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE268B34-6C20-4E68-99A4-81502404C854}
[2012/04/26 07:49:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{93C8EA27-6164-490E-A745-025C93C48C0D}
[2012/04/26 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF174356-77FC-42EF-A557-CBF57EB97456}
[2012/04/25 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C94B212-BE18-4AD9-922F-EBAEB315EE5E}
[2012/04/25 09:44:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CC5A9564-47E8-4B58-9D02-D364A6057796}
[2012/04/25 09:19:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D4D6607E-2F5D-44C2-86FD-185C3F64ABBE}
[2012/04/25 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8858DDF1-72C8-4A18-8370-A1DEE3B51C34}
[2012/04/24 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7685F160-087E-453A-81BF-CB03249E09A1}
[2012/04/24 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A25962F6-122E-4BE3-B23C-2D33DEF01597}
[2012/04/23 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{30451ED8-785B-4D2F-9BD4-A17A8D76C2F7}
[2012/04/23 18:20:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE4CF5D3-3C67-4C8F-B14B-D0544B3BC8C2}
[2012/04/23 09:18:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/23 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45D9E359-970A-4876-9885-21344DD96FA8}
[2012/04/23 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1A8187E9-715D-4577-91BE-81E651F1E658}
[2012/04/22 17:28:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E115E92E-66F0-4E34-A749-DC36D303E83A}
[2012/04/22 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68E73EFF-01CB-4176-AC90-B21CF6C67AC5}
[2012/04/21 18:46:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{960A4CCD-14B0-4F8C-A483-C1644FB0340F}
[2012/04/21 18:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{390913A8-D3D9-4D06-BAF3-6EE08548F4D7}
[2012/04/21 08:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CC9E4D33-51B9-4A45-A9BB-8EF884F4ABAC}
[2012/04/21 08:02:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{57114D81-853C-4275-BBCC-9721A0AFFCE7}
[2012/04/20 08:43:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{421F2756-3F73-4E66-B49C-1B74D89D87B3}
[2012/04/20 08:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{12A9514A-9F7C-4080-A150-1251941630BB}
[2012/04/19 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DEE9D340-7E32-485B-AC6D-88DB3E9B4036}
[2012/04/19 13:15:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2AF2C59F-7E70-4EB2-8789-60C0A9FA42EF}
[2012/04/19 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{03C9E741-D240-4FE2-81DF-7D33A73ACB1A}
[2012/04/19 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FE4C4C33-7AA3-49A6-A55A-DB03BCD7AFDC}
[2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/18 18:36:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EC8B29AE-7C23-47CC-8B2E-09AEC4742C74}
[2012/04/18 18:36:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64D26249-ECA8-40AA-9ECE-BDA0E113BF40}
[2012/04/18 18:07:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5FC87791-326C-4C49-8B47-E85F4C9FF88E}
[2012/04/18 18:06:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{44A2C310-B59F-400B-88E2-61F6A7784AD8}

========== Files - Modified Within 30 Days ==========

[2012/05/18 12:48:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 12:48:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 12:40:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 12:40:38 | 3118,338,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 12:09:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000UA.job
[2012/05/18 11:01:24 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 09:58:04 | 098,543,313 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/17 16:41:46 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012/05/17 15:59:18 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/05/17 15:27:34 | 000,000,114 | ---- | M] () -- C:\Users\User\Desktop\updateall.cfg
[2012/05/16 20:09:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000Core.job
[2012/05/13 18:26:08 | 000,371,665 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/10 18:52:39 | 000,371,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 22:21:10 | 000,732,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 22:21:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 22:21:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/04 13:11:36 | 000,002,399 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/05/04 08:41:12 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/18 19:09:14 | 000,072,609 | ---- | M] () -- C:\Users\User\Documents\2012map.pdf
[2012/04/18 18:29:16 | 000,280,007 | ---- | M] () -- C:\Users\User\Documents\LAL2012schedule.pdf

========== Files Created - No Company Name ==========

[2012/05/18 11:01:24 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 15:59:16 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/05/17 15:27:33 | 000,000,114 | ---- | C] () -- C:\Users\User\Desktop\updateall.cfg
[2012/04/18 19:09:13 | 000,072,609 | ---- | C] () -- C:\Users\User\Documents\2012map.pdf
[2012/04/18 18:29:15 | 000,280,007 | ---- | C] () -- C:\Users\User\Documents\LAL2012schedule.pdf
[2011/06/18 22:05:06 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2011/06/18 21:03:57 | 000,007,598 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/06/18 15:37:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2011/07/09 16:37:21 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2012/05/04 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/05/17 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011/07/27 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
[2011/07/09 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GameConsole
[2011/02/25 15:18:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2011/06/18 22:21:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2012/03/26 22:39:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/07/15 12:03:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2011/06/19 10:41:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerCinema
[2011/06/18 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftDMA
[2012/05/18 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2012/04/13 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2012/03/17 17:38:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
  • 0

Advertisements

#2
Gammo
Posted 21 May 2012 - 01:02 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
purplekat
Posted 21 May 2012 - 02:24 PM

purplekat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Problem as before - not used windows in the meantime so no further steps taken yet

OTL logfile created on: 21/05/2012 21:15:43 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.18% Memory free
7.74 Gb Paging File | 6.03 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150.80 Gb Total Space | 77.15 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 226.00 Gb Total Space | 225.89 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 21:15:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL(1).exe
PRC - [2012/05/04 20:22:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/04 18:42:20 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/04 08:40:56 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/05/04 08:40:54 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/04 07:50:30 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/06/14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/11/16 11:56:14 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/11/12 19:30:22 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/17 16:56:31 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/05/04 20:22:10 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 18:42:20 | 000,932,528 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/03/26 22:39:00 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/13 15:42:58 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/07/13 15:41:54 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/07/13 15:41:54 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/07/13 15:41:54 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/07/13 15:41:54 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/07/13 15:41:54 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/07/13 15:41:54 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/07/13 15:41:54 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/07/13 15:41:54 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll
MOD - [2011/07/13 15:41:54 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/07/13 15:41:54 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/07/13 15:41:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll
MOD - [2011/07/13 15:41:54 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/07/13 15:41:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
MOD - [2011/07/13 15:41:52 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/07/13 15:12:46 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
MOD - [2011/07/13 15:12:46 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
MOD - [2011/07/13 15:12:18 | 000,378,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll
MOD - [2011/07/13 15:12:18 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll
MOD - [2011/07/13 15:12:16 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll
MOD - [2011/07/13 15:12:14 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll
MOD - [2011/07/13 15:12:14 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/07/13 15:12:14 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll
MOD - [2011/07/13 15:11:06 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2009/08/18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/02/03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/04 20:22:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 08:40:56 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/04 08:41:12 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 21:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012/05/17 16:56:30 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2012/05/04 08:41:12 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/05/04 08:41:12 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...380sk5sy481hu58
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...380sk5sy481hu58
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...380sk5sy481hu58
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000262d1d3290
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB436GB436
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=75923829-f29a-4836-a5e3-bdef959e3475&query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-04 18:34:01&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:01&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\Firefox [2011/08/07 22:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/17 16:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/04 18:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/17 16:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/15 11:57:17 | 000,000,000 | ---D | M]

[2011/06/18 15:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/05/17 16:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\extensions
[2012/05/17 15:59:48 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\extensions\[email protected]
[2012/05/04 20:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/04 18:33:11 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/04 20:22:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 20:22:08 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/04 18:33:53 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/17 15:59:08 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/05/04 20:22:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/04 20:22:08 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 20:22:08 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/07 22:03:15 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/05/04 20:22:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 20:22:08 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [Spotify] C:\Users\User\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{610D1C2C-3E68-415E-852B-1B7DBE78FE31}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ff873907-40d3-11e0-b072-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff873907-40d3-11e0-b072-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 21:13:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{65835F37-23A4-4824-A430-AE7F792F8DA3}
[2012/05/21 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F21EAE99-D3E7-4D0A-9184-C37BD49E0668}
[2012/05/18 20:04:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F82F4D80-9603-43CE-AD2F-4C463C1A9563}
[2012/05/18 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4504AD34-C8F2-4BD2-9393-F0E48D3A6E28}
[2012/05/18 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{809B2B67-CB5F-4698-AF44-76A9EABBC694}
[2012/05/18 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/05/18 11:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/18 11:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/18 11:01:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/18 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/18 09:08:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BC841B5E-F25B-42DE-B3B9-3AF67048ABFE}
[2012/05/18 09:08:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4CA40CB5-A657-48F1-B90A-C5A0BD3F6D77}
[2012/05/17 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{604E8508-6E96-483C-AA65-D69D2CD549F1}
[2012/05/17 16:56:29 | 000,101,360 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/05/17 16:56:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Trusteer
[2012/05/17 16:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/05/17 16:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2012/05/17 16:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/05/17 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{591C1F8D-E4B8-4F95-B00B-D8E833ED3393}
[2012/05/17 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A48FC917-C425-4BE9-B5E2-8DE53E77D34D}
[2012/05/17 16:40:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8AAFB56F-008B-4692-B0B0-FF421E9149B6}
[2012/05/17 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E2F97B17-5D7F-4D30-A11F-2459D75523D4}
[2012/05/17 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A624500C-151E-4761-ABEA-BEBEB07A7F8F}
[2012/05/17 15:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/17 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/17 10:29:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF7F198D-E576-4F33-94D2-63F6446D13C8}
[2012/05/17 10:28:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1456D3B4-280F-4C17-8E50-BC46E7648B4A}
[2012/05/15 18:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/15 18:42:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{261A34FA-5256-4BA6-9649-6B3F154A9971}
[2012/05/15 18:42:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6EEE6A2A-FD2A-4320-A4E0-E4CC238DFF4F}
[2012/05/14 19:49:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C78B2BA-4DF7-47C2-8B28-3B38EC23AAA4}
[2012/05/14 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{17EB5ABE-B12A-4DEB-8AA2-ECF35CDD99D9}
[2012/05/14 09:35:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E337F041-7857-4101-8E76-65EF02DDD368}
[2012/05/14 09:35:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{13EA3EB2-1A69-445B-BD5E-4E5CF8F540C7}
[2012/05/14 09:09:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DBE17BEB-45D3-4C97-B835-B6500795C89A}
[2012/05/14 09:09:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB4F0F86-2D34-4339-B311-C2807472AB7C}
[2012/05/13 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28755F7F-1D85-4B0C-BBC2-FC4B1A49C30D}
[2012/05/13 17:08:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6704D533-7906-4EB7-AD7F-753948024D06}
[2012/05/12 18:58:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AF8282ED-31AE-43C6-B0BA-417B1405E2E6}
[2012/05/12 18:57:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D1676531-D9F2-4784-9450-EE6DFDF070EE}
[2012/05/12 10:05:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F95333C-E137-4D50-8F1E-49F09A938759}
[2012/05/12 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0CDEB82-3998-4965-82D3-6D763CF93BF7}
[2012/05/11 12:13:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A4A1BA7B-9621-424B-A1CA-831AD3309D0D}
[2012/05/11 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9EE2779E-FE74-485D-AD4A-8EE4C3A3C7A9}
[2012/05/11 09:13:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{374215A1-B608-4419-A3F1-6F941B30482F}
[2012/05/11 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E554C283-96B5-4507-84E8-C5FBE2797FFF}
[2012/05/10 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9F47DE1F-6C31-4092-8B58-0F9DC2969E4D}
[2012/05/10 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AD722571-4869-4162-B30A-E0429F79FBFA}
[2012/05/09 19:40:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{86B952A2-A3BE-46DD-9E45-068B76B42AE3}
[2012/05/09 19:39:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C853A4A9-5A54-4142-9970-FDBD407C9C3D}
[2012/05/09 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5DC7BC74-37BF-40D5-8A63-E56DC1A7D549}
[2012/05/09 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{75532381-FD58-402C-A4AB-7F32DDB31FC3}
[2012/05/09 15:35:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A1264EF4-E172-4ED7-B705-75EFF3EC89E3}
[2012/05/09 15:35:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E82362A-3BDD-46CD-89F9-26115A911F46}
[2012/05/09 09:23:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8EF7CA5B-217B-45B3-9E76-62F388716E88}
[2012/05/09 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A860184-3F7C-40EA-A46A-04DC1F906C0E}
[2012/05/08 19:03:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A357ED3-168F-48D0-B48D-5B0BF3F511D1}
[2012/05/08 19:03:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FB685429-5906-45E7-965A-4B0AD1FDD5D9}
[2012/05/08 07:56:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E551201-04B4-43EC-9CA9-89C69EB7C608}
[2012/05/08 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{269DE3FD-392C-43A6-B6EA-AF91B1510392}
[2012/05/07 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B1C6E79E-F573-4987-BA77-72857A69A53A}
[2012/05/07 12:46:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF8489C2-D1AA-4956-B727-B6728A433447}
[2012/05/06 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9DCE6EB4-D31E-45B8-A1B0-1E668491A13A}
[2012/05/06 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A3195858-FDAC-432E-A90D-3D9A779C0DD7}
[2012/05/06 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D31ACADF-E900-43DA-AA5D-94AC0F0BA791}
[2012/05/06 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1304C9FE-80A4-4E2E-8DF2-019F2940AFB8}
[2012/05/05 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{871DE02F-5FDC-4238-B4C0-92BF65BDDAC9}
[2012/05/05 08:17:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{61EB4DE8-46B2-4472-A754-79E281F693D8}
[2012/05/04 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/04 20:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/04 18:43:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23150882-9896-4C93-B07D-298DF4F310A5}
[2012/05/04 18:42:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A69DF7AA-63D7-4B33-B0C7-8B4FB6D82020}
[2012/05/04 18:32:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/05/04 18:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/04 16:11:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0A60856D-6E5A-4F23-9A33-4519249FD4EE}
[2012/05/04 16:10:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F9AAC0EC-2A30-46A1-8B60-DD9C4246FB66}
[2012/05/04 12:13:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64278FB5-CAF0-465D-A5A5-EB32EFD63434}
[2012/05/04 12:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FAC88EF8-8892-411D-A4ED-B32B35DD7C50}
[2012/05/04 09:14:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF909A9D-1602-48CA-A902-EF3ABE3913AA}
[2012/05/04 09:13:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C7B2FC-DDEB-4BA1-BCE8-65AD5947C410}
[2012/05/03 22:08:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7EEFC785-E976-4E13-AE4D-8E001C97CC89}
[2012/05/03 22:07:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F3A7955-315D-412D-9FCE-B9C549A0874A}
[2012/05/03 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B64FD2F4-F44D-4FD2-96B4-5C1DA2EEF872}
[2012/05/03 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99DA4407-09B3-4FCC-B98B-414C9F273CAD}
[2012/05/03 08:15:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{92CEB1AF-740C-4B3D-995D-E31720CF7C61}
[2012/05/03 08:14:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7A42B014-4C3E-4CCB-AE7B-F7AD22251194}
[2012/05/02 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8F09DAE3-1F1C-458E-A909-A77EF724F3AF}
[2012/05/02 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAAE6492-D02C-4E24-8079-03FB391DD310}
[2012/05/02 09:11:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{46A67CCB-EFF6-46A4-9126-C033321E88FF}
[2012/05/02 09:11:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{778E6913-3E19-494E-A864-32958E820D66}
[2012/05/01 18:54:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{366C3A2C-D3C9-4359-9DBF-48216CFF6E23}
[2012/05/01 07:56:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1A97A5EB-7139-4F9F-8D4D-1EBB63821891}
[2012/05/01 07:56:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA9076FD-BF27-42ED-B0FD-EFC1FC70D0B8}
[2012/04/30 18:45:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2B0E6B4-7C97-462D-BBDA-B679E0F87774}
[2012/04/30 18:45:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{54285735-AC94-42D1-B74A-DD16B8EE26DC}
[2012/04/30 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B7FBA503-3F32-46B5-92B4-8898D4D39A54}
[2012/04/30 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F9A1C1E-E8D2-4C3F-8796-5160D0AD5CB2}
[2012/04/29 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7BB6BEBD-E6D5-4841-8FE4-BB511F29FAAA}
[2012/04/29 15:55:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A8313082-B66A-43D7-8894-56816B7097D4}
[2012/04/29 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0C7ED099-DC7B-48E4-BC15-82B86BC07C7E}
[2012/04/28 18:49:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{11188811-D470-4C80-9440-D784A73F12D6}
[2012/04/28 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{46402F91-1B6E-46D3-BE68-075D9FB6111C}
[2012/04/28 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{69993431-E856-429C-9238-81A85190BE49}
[2012/04/28 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{246E6AAC-6642-4D8E-921F-991D925AB119}
[2012/04/28 08:04:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7C2AC2B2-D9A4-4E4B-9D21-DF65923177CD}
[2012/04/28 08:04:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E940C34C-6D87-46CC-97EE-8FBF2DC7A745}
[2012/04/27 17:37:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F37577A0-F701-4A82-9036-0C634065D106}
[2012/04/27 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C444AB77-AB2C-44C4-A433-76F18E7FFD36}
[2012/04/27 08:37:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A0E341FC-E303-4D3F-9EE8-2162C5004AE6}
[2012/04/27 08:37:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{86BC9D1E-3116-4603-9810-AF39F5E37EB3}
[2012/04/27 07:45:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E246F7C3-0BFC-4A0F-8358-222460BD7F64}
[2012/04/27 07:45:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6AEC536F-11DC-41D9-A65D-990E8E4B72B6}
[2012/04/26 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F84F4742-6C76-4041-98DF-82E829B8FEE5}
[2012/04/26 21:10:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE268B34-6C20-4E68-99A4-81502404C854}
[2012/04/26 07:49:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{93C8EA27-6164-490E-A745-025C93C48C0D}
[2012/04/26 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF174356-77FC-42EF-A557-CBF57EB97456}
[2012/04/25 09:44:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C94B212-BE18-4AD9-922F-EBAEB315EE5E}
[2012/04/25 09:44:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CC5A9564-47E8-4B58-9D02-D364A6057796}
[2012/04/25 09:19:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D4D6607E-2F5D-44C2-86FD-185C3F64ABBE}
[2012/04/25 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8858DDF1-72C8-4A18-8370-A1DEE3B51C34}
[2012/04/24 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7685F160-087E-453A-81BF-CB03249E09A1}
[2012/04/24 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A25962F6-122E-4BE3-B23C-2D33DEF01597}
[2012/04/23 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{30451ED8-785B-4D2F-9BD4-A17A8D76C2F7}
[2012/04/23 18:20:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE4CF5D3-3C67-4C8F-B14B-D0544B3BC8C2}
[2012/04/23 09:18:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/23 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45D9E359-970A-4876-9885-21344DD96FA8}
[2012/04/23 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1A8187E9-715D-4577-91BE-81E651F1E658}
[2012/04/22 17:28:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E115E92E-66F0-4E34-A749-DC36D303E83A}
[2012/04/22 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68E73EFF-01CB-4176-AC90-B21CF6C67AC5}

========== Files - Modified Within 30 Days ==========

[2012/05/21 21:20:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 21:20:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 21:17:02 | 098,750,945 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/21 21:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/21 21:12:17 | 3118,338,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 14:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000UA.job
[2012/05/18 11:01:24 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 16:41:46 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012/05/17 15:59:18 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/05/17 15:27:34 | 000,000,114 | ---- | M] () -- C:\Users\User\Desktop\updateall.cfg
[2012/05/16 20:09:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000Core.job
[2012/05/13 18:26:08 | 000,371,665 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/10 18:52:39 | 000,371,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 22:21:10 | 000,732,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 22:21:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 22:21:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/04 13:11:36 | 000,002,399 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/05/04 08:41:12 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys

========== Files Created - No Company Name ==========

[2012/05/18 11:01:24 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 15:59:16 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/05/17 15:27:33 | 000,000,114 | ---- | C] () -- C:\Users\User\Desktop\updateall.cfg
[2011/06/18 22:05:06 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2011/06/18 21:03:57 | 000,007,598 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/06/18 15:37:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2011/07/09 16:37:21 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2012/05/04 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/05/17 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011/07/27 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
[2011/07/09 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GameConsole
[2011/02/25 15:18:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2011/06/18 22:21:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
[2012/03/26 22:39:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/07/15 12:03:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2011/06/19 10:41:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PowerCinema
[2011/06/18 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftDMA
[2012/05/21 21:13:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2012/04/13 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2012/03/17 17:38:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
  • 0

#4
Gammo
Posted 22 May 2012 - 10:04 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000262d1d3290
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=75923829-f29a-4836-a5e3-bdef959e3475&query={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
[2012/05/17 15:59:48 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\extensions\[email protected]
[2012/05/17 15:59:08 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/08/07 22:03:15 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/05/17 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/05/17 15:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
purplekat
Posted 22 May 2012 - 04:16 PM

purplekat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Had a look on a few websites and the problem seems to have been cleared. No underlined links. Babylon has been removed. Everything seems to be running ok at the moment


ComboFix 12-05-22.02 - User 22/05/2012 22:51:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3965.2566 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@9D4@292770.###
c:\users\User\AppData\Roaming\.#\MBX@9D4@2927A0.###
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 21:59 . 2012-05-22 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 21:39 . 2012-05-22 21:39 -------- d-----w- C:\_OTL
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-18 10:01 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 15:56 . 2012-05-04 07:41 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-05-17 15:56 . 2012-05-17 15:56 -------- d-----w- c:\users\User\AppData\Local\Trusteer
2012-05-17 15:56 . 2012-05-17 15:56 -------- d-----w- c:\program files (x86)\Trusteer
2012-05-17 15:54 . 2012-05-17 15:54 -------- d-----w- c:\programdata\Trusteer
2012-05-17 14:59 . 2012-05-17 15:22 -------- d-----w- c:\programdata\Tarma Installer
2012-05-17 14:59 . 2012-05-17 14:59 250 ----a-w- C:\user.js
2012-05-09 17:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 17:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 17:37 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 17:37 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 17:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 17:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 17:36 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:35 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 17:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 17:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 17:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 17:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-04 19:22 . 2012-05-04 19:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 19:22 . 2012-05-04 19:22 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-04 19:22 . 2012-05-04 19:22 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-04 19:22 . 2012-05-04 19:22 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-04 19:22 . 2012-05-04 19:22 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-04 19:22 . 2012-05-04 19:22 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-04 19:22 . 2012-05-04 19:22 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:22 . 2012-05-04 19:22 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 17:32 . 2012-05-04 17:32 -------- d-----w- c:\users\User\AppData\Roaming\AVG2012
2012-05-04 17:32 . 2012-05-17 17:20 -------- d-----w- c:\programdata\AVG2012
2012-04-23 08:18 . 2012-05-04 17:32 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-19 04:17 . 2012-03-19 04:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-01 06:46 . 2012-04-12 07:44 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:44 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:44 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:44 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:44 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:44 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:50 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:50 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:50 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:50 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:50 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"Spotify"="c:\users\User\AppData\Roaming\Spotify\spotify.exe" [2012-05-04 9478320]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-05-17 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-04 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-04 297008]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-04 976696]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 12:57]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 12:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17360211ln07974380sk5sy481hu58
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4a23d936-c98f-40a6-9b03-0e3441bcb354%7D&mid=33897aacc32a47d18847d16f6bf9db63-199d7694bee20d59880a642b0a6b1abc2ab95ab7&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-04%2018%3A34%3A01&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e6b6d9c100000000000000262d1d3290
FF - user.js: extensions.BabylonToolbar_i.hardId - e6b6d9c100000000000000262d1d3290
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3652625155-3374161943-1070886533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3652625155-3374161943-1070886533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-05-22 23:05:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 22:05
.
Pre-Run: 85,267,025,920 bytes free
Post-Run: 85,103,169,536 bytes free
.
- - End Of File - - 83D12C0FBF1456E617A8C4C623B80949
  • 0

#6
purplekat
Posted 22 May 2012 - 04:18 PM

purplekat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Just to add the program started slightly earlier than I expected so antivirus was shutdown after warning before scan started
  • 0

#7
Gammo
Posted 23 May 2012 - 10:41 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Firefox::
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e6b6d9c100000000000000262d1d3290
FF - user.js: extensions.BabylonToolbar_i.hardId - e6b6d9c100000000000000262d1d3290
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.








Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#8
purplekat
Posted 23 May 2012 - 12:13 PM

purplekat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Latest combofix log

ComboFix 12-05-22.02 - User 23/05/2012 18:54:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3965.2620 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 18:01 . 2012-05-23 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 21:39 . 2012-05-22 21:39 -------- d-----w- C:\_OTL
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 10:01 . 2012-05-18 10:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-18 10:01 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 15:56 . 2012-05-04 07:41 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-05-17 15:56 . 2012-05-17 15:56 -------- d-----w- c:\users\User\AppData\Local\Trusteer
2012-05-17 15:56 . 2012-05-17 15:56 -------- d-----w- c:\program files (x86)\Trusteer
2012-05-17 15:54 . 2012-05-17 15:54 -------- d-----w- c:\programdata\Trusteer
2012-05-17 14:59 . 2012-05-17 15:22 -------- d-----w- c:\programdata\Tarma Installer
2012-05-17 14:59 . 2012-05-17 14:59 250 ----a-w- C:\user.js
2012-05-09 17:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 17:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 17:37 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 17:37 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 17:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 17:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 17:36 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:35 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 17:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 17:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 17:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 17:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-04 19:22 . 2012-05-04 19:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 19:22 . 2012-05-04 19:22 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-04 19:22 . 2012-05-04 19:22 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-04 19:22 . 2012-05-04 19:22 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-04 19:22 . 2012-05-04 19:22 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-04 19:22 . 2012-05-04 19:22 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-04 19:22 . 2012-05-04 19:22 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:22 . 2012-05-04 19:22 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 17:32 . 2012-05-04 17:32 -------- d-----w- c:\users\User\AppData\Roaming\AVG2012
2012-05-04 17:32 . 2012-05-17 17:20 -------- d-----w- c:\programdata\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-19 04:17 . 2012-03-19 04:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-01 06:46 . 2012-04-12 07:44 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 07:44 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 07:44 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 07:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 07:44 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:44 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:44 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:50 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:50 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:50 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:50 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:50 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-22_22.00.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-22 22:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-23 18:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-23 18:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 22:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 22:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 18:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-12 19:05 . 2012-05-23 17:37 71782 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-23 17:37 44852 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-25 12:25 . 2012-05-23 17:37 19140 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3652625155-3374161943-1070886533-1000_UserData.bin
- 2012-05-22 22:00 . 2012-05-22 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-23 18:02 . 2012-05-23 18:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-22 22:00 . 2012-05-22 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-23 18:02 . 2012-05-23 18:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-22 21:59 362916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-23 18:01 362916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-18 15:01 . 2012-05-23 18:01 17563636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3652625155-3374161943-1070886533-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]
"Spotify"="c:\users\User\AppData\Roaming\Spotify\spotify.exe" [2012-05-04 9478320]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-05-17 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-04 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-04 297008]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-04 976696]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 12:57]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652625155-3374161943-1070886533-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-18 12:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x3810&r=17360211ln07974380sk5sy481hu58
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jc5hwrmx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4a23d936-c98f-40a6-9b03-0e3441bcb354%7D&mid=33897aacc32a47d18847d16f6bf9db63-199d7694bee20d59880a642b0a6b1abc2ab95ab7&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-04%2018%3A34%3A01&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3652625155-3374161943-1070886533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3652625155-3374161943-1070886533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-05-23 19:07:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 18:07
ComboFix2.txt 2012-05-22 22:05
.
Pre-Run: 84,713,504,768 bytes free
Post-Run: 84,641,013,760 bytes free
.
- - End Of File - - 0C8E8C245BEFE320544088FBEDAAC6C0
  • 0

#9
purplekat
Posted 23 May 2012 - 12:31 PM

purplekat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malware bytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: DESKTOP [administrator]

23/05/2012 19:24:47
mbam-log-2012-05-23 (19-24-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203684
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
Gammo
Posted 24 May 2012 - 06:34 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP