Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Virus attack from Email

Started by GeoffW , May 19 2012 07:50 AM

  • Please log in to reply

#1
GeoffW
Posted 19 May 2012 - 07:50 AM

GeoffW

    New Member

  • Member
  • Pip
  • 8 posts
Last week I opened an attachment in an email from a trusted friend. Apparently unknown to her, the account had been hacked and the email was infected. I had a warning from Microsoft Security Essentials of the attack, but it failed to prevent it.
The result was that my laptop was badly affected in the following ways:-
Internet connection was very slow and kept crashing
Unable to download anything to run checks
CD/DVD software disabled so preventing me from saving data

I removed the hard drive from the infected laptop and ran checks using MSE and Malwarebytes, which removed a lot of items.

Since doing this I have replaced the hard drive in the laptop and was then able to download Malwarebytes to run further scans. It appears to be clear. To be sure, I have now run OTL and attach the report below.
Can I now be sure that all infection has been removed?
As you may have already guessed, I have no technical knowledge of computers.

OTL logfile created on: 19/05/2012 11:37:39 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\First User\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.04 Mb Total Physical Memory | 204.52 Mb Available Physical Memory | 20.17% Memory free
2.38 Gb Paging File | 1.06 Gb Available in Paging File | 44.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 1.19 Gb Free Space | 2.23% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 37.26 Gb Free Space | 69.40% Space Free | Partition Type: FAT32

Computer Name: G-WOOD-ACER | User Name: First User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\First User\My Documents\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12051801\algo.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\35963433c896a9fde5298ab316aae1d9\SolutoCleanup.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\ceeea581823a81233825b9b643715c36\PCGBootVisualizingCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\909efa78154e6af37dad1b8d91dd2e19\PCGBrowsersProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\5fabb4e2fa1a10ff7399c69cce511ce2\PCGCatalogItemFootprint.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\fc8fb58fc83adacb131f5c97e11fd4d0\PCGSAProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\e6db590d0b196437436a87abd04b565a\PCGClientCommunication.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\2167bf68551f4637bdb136129c1d4fb8\PCGCatalogItemCache.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\a66fc35dce831eeeb0f754f4b91f5e86\PCGEntities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\99b234892fc4b8ab57c64ec0a2db487d\PCGUpgrader.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\99ea83d4147223d93bb89b6ed60b3b8c\SolutoUpdateService.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\46a2de6c04f076d3d676f5c0a883f12e\PCGUsersCenter.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\67aa38b6d38a48108c63505e078cfef5\PCGConfiguration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\2f4c88c2534d862be50fd2b675c20907\Newtonsoft.Json.Net35.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\d32f29349aaa7216806af72e00947fc1\PCGPostBootResources.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\3bfdc7a0f0ece63e43fb1a9a339c7408\PCGHIDProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\8992fec3506ce7a2d96f0a527b5a4cbd\PCGRSPProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\cb26f18e44d452420f9913fc03408a2c\Community.CsharpSqlite.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\4d8b81d1add4fa798113e73013e0b90f\Interop.IWshRuntimeLibrary.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\9db75bb09e5d72de3ed624365cf9df47\System.Data.SqlServerCe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\34690fadb69e860434c9ec2f49a2aecc\PCGDriverProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\a150c804a0b7e84a1a01af464e528719\PCGPrestoSerializer.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\60c0c887591f37e0a1e84464b38a71e1\Ionic.Zip.Reduced.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Soluto\PCGDllExportInspector.dll ()
MOD - C:\Program Files\Soluto\PCGDeviceScanLib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_29220b46\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bd32d23e\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_24c28833\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_74d0e54f\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Documents and Settings\First User\Local Settings\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Acer\Empowering Technology\ePower\DialogDLL.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\MSNChatHook.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Acer\Empowering Technology\NetMonitor.dll ()
MOD - C:\Acer\Empowering Technology\ServiceControl.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPCap\rpcapd.exe (CACE Technologies)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (VcommMgr) -- System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- system32\DRIVERS\VComm.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cpuz135) -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (btkrnl) -- system32\DRIVERS\btkrnl.sys File not found
DRV - (BTHidMgr) -- System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- System32\Drivers\vbtenum.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (Btcsrusb) -- System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- system32\DRIVERS\btcomport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (BT) -- system32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- system32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- system32\DRIVERS\blueletaudio.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MpKsld02e1307) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47B2767F-0E24-4602-9844-17681EC63B6F}\MpKsld02e1307.sys (Microsoft Corporation)
DRV - (Soluto) -- C:\WINDOWS\system32\drivers\Soluto.sys (Soluto LTD.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BtHidBus) -- C:\WINDOWS\system32\drivers\BtHidBus.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (Gonzales) -- C:\WINDOWS\system32\drivers\Gonzales.sys (Freecom)
DRV - (Bonifay) -- C:\WINDOWS\system32\drivers\Bonifay.sys (Freecom)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...D-1867DC4D5604
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEC020DB-362E-4699-94F7-5644F6FABD91}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news/"
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://isearch.avg.c...9:21&sap=ku&q="
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/21 18:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/11 17:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/17 19:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/05/16 02:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/05/16 02:42:42 | 000,000,000 | ---D | M]

[2008/12/05 10:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Extensions
[2008/12/05 10:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 18:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Extensions\[email protected]
[2007/05/16 02:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions
[2012/05/18 07:34:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/05/22 09:43:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/23 20:42:52 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/01/13 08:29:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected](2).org
[2012/01/11 17:28:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected]
[2010/10/08 18:08:08 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected]
[2009/07/01 13:13:38 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\winamp-search.xml
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\askcom.xml
[2007/05/16 02:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/18 14:32:28 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}(2)
[2007/05/16 02:42:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/26 00:44:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/09 20:16:42 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/16 12:07:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2010/10/08 18:08:28 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/07/09 20:17:14 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2011/03/12 08:14:20 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/03/12 08:14:20 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2012/02/13 00:30:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/13 00:30:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 00:43:58 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2012/04/26 00:43:58 | 000,003,413 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/04/26 00:43:58 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/26 00:43:58 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/26 00:43:58 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/26 00:44:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/12 08:39:14 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1164F148-297D-403A-A3D2-8A2C0B163506}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855B4A92-6A60-4910-9A86-BB991D359F2E}: NameServer = 192.168.44.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\First User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\First User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 09:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/19 08:52:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/19 08:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/19 08:40:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\First User\Desktop\OTL.exe
[2012/05/19 08:34:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/05/18 21:51:10 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/05/18 21:51:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/05/18 21:50:55 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/05/18 21:50:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/05/18 21:50:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/05/18 21:49:23 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/05/18 21:48:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012/05/18 21:47:20 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/05/18 19:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\SUPERAntiSpyware.com
[2012/05/18 19:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/18 19:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/18 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/18 18:18:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/05/18 07:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Start Menu\Programs\HiJackThis
[2012/05/18 07:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/18 07:48:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/05/18 07:48:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\First User\My Documents\My Music
[2012/05/18 07:48:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/05/18 07:43:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/17 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\Malwarebytes
[2012/05/17 20:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/17 20:57:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/17 20:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/17 19:46:00 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/17 19:45:59 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/17 19:45:50 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/17 19:45:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/17 19:45:49 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/17 19:45:46 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/17 19:45:46 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/17 19:45:45 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/17 19:43:33 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/17 19:43:20 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/17 19:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/17 19:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/17 19:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/17 19:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/17 19:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/17 19:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\Downloads
[2012/05/15 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\To Save2
[2012/05/15 08:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\To Save
[2012/05/12 22:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/12 21:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Languages
[2012/05/12 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Chameleon
[2012/05/12 19:10:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/12 08:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Local Settings\Application Data\AVG Secure Search
[2012/05/12 08:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\AVG Secure Search
[2012/05/12 08:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/12 08:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/12 08:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/12 08:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/12 08:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/12 08:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/27 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/04/27 14:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2012/04/26 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 00:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/20 19:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 12:11:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/19 11:54:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 11:53:14 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/19 09:57:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/19 09:12:54 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/05/19 08:54:28 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 08:40:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\First User\Desktop\OTL.exe
[2012/05/19 08:07:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/19 08:04:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/19 07:57:18 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/05/19 07:55:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/19 07:55:32 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3244774052-2678869024-1713698313-1005.job
[2012/05/19 07:54:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 07:53:58 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 23:33:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/05/18 19:37:54 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 07:52:10 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\HiJackThis.lnk
[2012/05/18 07:48:06 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/18 07:47:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\Windows Media Player.lnk
[2012/05/17 20:57:46 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 19:46:02 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 19:45:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/17 19:28:20 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/17 19:28:20 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 15:27:04 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/05/12 21:28:34 | 000,021,505 | ---- | M] () -- C:\Program Files\unins000.dat
[2012/05/12 21:28:34 | 000,010,498 | ---- | M] () -- C:\Program Files\unins000.msg
[2012/05/12 16:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3244774052-2678869024-1713698313-1005.job
[2012/05/12 14:03:04 | 097,952,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/09 14:16:28 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 08:47:12 | 000,447,262 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 08:47:12 | 000,073,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/05 19:11:18 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 19:11:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/02 15:23:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/25 16:49:40 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\First User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2012/04/24 16:40:34 | 000,235,520 | -H-- | M] () -- C:\Documents and Settings\First User\Desktop\ZbThumbnail.info
[2012/04/20 19:57:28 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 09:12:52 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/05/18 20:06:47 | 000,149,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/18 19:37:52 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 07:52:08 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\HiJackThis.lnk
[2012/05/18 07:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\Windows Media Player.lnk
[2012/05/17 20:57:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 19:46:01 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 19:28:19 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/17 19:28:19 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\Spybot - Search & Destroy.lnk
[2012/05/12 23:51:49 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/12 21:58:33 | 000,021,505 | ---- | C] () -- C:\Program Files\unins000.dat
[2012/05/12 21:58:33 | 000,010,498 | ---- | C] () -- C:\Program Files\unins000.msg
[2012/05/12 21:58:32 | 000,410,054 | ---- | C] () -- C:\Program Files\mbam.chm
[2012/05/12 21:58:32 | 000,000,785 | ---- | C] () -- C:\Program Files\changes.rtf
[2012/05/12 14:03:03 | 097,952,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/02 15:33:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/02 15:33:34 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/02 15:23:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/20 19:57:26 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/21 12:36:39 | 000,056,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/30 21:36:01 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\mp3codec32win.dll
[2011/01/30 14:36:48 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2011/01/26 15:12:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/26 15:12:15 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/11/09 08:54:23 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2010/06/22 22:27:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2006/08/18 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2007/11/15 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2008/04/18 11:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/12 11:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 21:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/06/15 14:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/15 23:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2009/06/18 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/08 12:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/03 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/26 13:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/03 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 14:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/11/09 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/01/06 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/01/26 15:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/01/29 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/10/25 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/12 08:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/12 08:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/12 08:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/12 08:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/17 19:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Acer
[2008/04/15 16:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\.BitTornado
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Nokia
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\PC Suite
[2009/11/28 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\gtk-2.0
[2010/02/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Canon
[2010/03/11 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\MSNInstaller
[2010/03/15 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\GlarySoft
[2010/04/13 18:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\TomTom
[2010/04/17 23:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Nokia Ovi Suite
[2010/09/15 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\FileZilla
[2010/12/12 18:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\WinAVI
[2011/01/06 15:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Vodafone
[2011/01/30 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\LG Electronics
[2011/10/25 18:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Samsung
[2012/05/12 08:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\AVG Secure Search
[2012/05/19 11:53:14 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/02/21 03:34:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2010/08/03 14:26:56 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Gammo
Posted 22 May 2012 - 11:00 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
GeoffW
Posted 23 May 2012 - 01:31 AM

GeoffW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the report.
OTL logfile created on: 23/05/2012 07:53:48 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\First User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.04 Mb Total Physical Memory | 558.37 Mb Available Physical Memory | 55.06% Memory free
2.38 Gb Paging File | 1.43 Gb Available in Paging File | 60.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 0.73 Gb Free Space | 1.37% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 37.26 Gb Free Space | 69.40% Space Free | Partition Type: FAT32

Computer Name: G-WOOD-ACER | User Name: First User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\First User\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12052201\algo.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\35963433c896a9fde5298ab316aae1d9\SolutoCleanup.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\ceeea581823a81233825b9b643715c36\PCGBootVisualizingCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\909efa78154e6af37dad1b8d91dd2e19\PCGBrowsersProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\5fabb4e2fa1a10ff7399c69cce511ce2\PCGCatalogItemFootprint.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\fc8fb58fc83adacb131f5c97e11fd4d0\PCGSAProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\e6db590d0b196437436a87abd04b565a\PCGClientCommunication.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\2167bf68551f4637bdb136129c1d4fb8\PCGCatalogItemCache.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\a66fc35dce831eeeb0f754f4b91f5e86\PCGEntities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\99b234892fc4b8ab57c64ec0a2db487d\PCGUpgrader.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\99ea83d4147223d93bb89b6ed60b3b8c\SolutoUpdateService.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\46a2de6c04f076d3d676f5c0a883f12e\PCGUsersCenter.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\67aa38b6d38a48108c63505e078cfef5\PCGConfiguration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\2f4c88c2534d862be50fd2b675c20907\Newtonsoft.Json.Net35.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\d32f29349aaa7216806af72e00947fc1\PCGPostBootResources.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\3bfdc7a0f0ece63e43fb1a9a339c7408\PCGHIDProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\8992fec3506ce7a2d96f0a527b5a4cbd\PCGRSPProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\cb26f18e44d452420f9913fc03408a2c\Community.CsharpSqlite.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\4d8b81d1add4fa798113e73013e0b90f\Interop.IWshRuntimeLibrary.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\9db75bb09e5d72de3ed624365cf9df47\System.Data.SqlServerCe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\34690fadb69e860434c9ec2f49a2aecc\PCGDriverProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\a150c804a0b7e84a1a01af464e528719\PCGPrestoSerializer.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\60c0c887591f37e0a1e84464b38a71e1\Ionic.Zip.Reduced.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Program Files\Soluto\PCGDllExportInspector.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_29220b46\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bd32d23e\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_24c28833\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_74d0e54f\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Acer\Empowering Technology\ePower\DialogDLL.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\MSNChatHook.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Acer\Empowering Technology\NetMonitor.dll ()
MOD - C:\Acer\Empowering Technology\ServiceControl.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPCap\rpcapd.exe (CACE Technologies)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (VcommMgr) -- System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- system32\DRIVERS\VComm.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cpuz135) -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (btkrnl) -- system32\DRIVERS\btkrnl.sys File not found
DRV - (BTHidMgr) -- System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- System32\Drivers\vbtenum.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (Btcsrusb) -- System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- system32\DRIVERS\btcomport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (BT) -- system32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- system32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- system32\DRIVERS\blueletaudio.sys File not found
DRV - (MpKsl5eafefbe) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2415005-8E8D-4DFF-9569-9DC2D1986E91}\MpKsl5eafefbe.sys (Microsoft Corporation)
DRV - (Soluto) -- C:\WINDOWS\system32\drivers\Soluto.sys (Soluto LTD.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BtHidBus) -- C:\WINDOWS\system32\drivers\BtHidBus.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (Gonzales) -- C:\WINDOWS\system32\drivers\Gonzales.sys (Freecom)
DRV - (Bonifay) -- C:\WINDOWS\system32\drivers\Bonifay.sys (Freecom)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...e=tb50winampie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...D-1867DC4D5604
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{EEC020DB-362E-4699-94F7-5644F6FABD91}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news/"
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "http://isearch.avg.c...9:21&sap=ku&q="
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/11 17:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/17 19:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/05/16 02:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/05/16 02:42:42 | 000,000,000 | ---D | M]

[2008/12/05 10:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Extensions
[2010/04/13 18:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Extensions\[email protected]
[2007/05/16 02:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions
[2012/05/18 07:34:58 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/05/22 09:43:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/23 20:42:52 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/01/13 08:29:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected](2).org
[2012/01/11 17:28:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected]
[2012/05/19 21:54:14 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\extensions\[email protected]
[2009/07/01 13:13:38 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\winamp-search.xml
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\askcom.xml
[2007/05/16 02:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/18 14:32:28 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}(2)
[2012/04/26 00:44:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/08 18:08:28 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/13 00:30:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 00:43:58 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2012/04/26 00:43:58 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/26 00:43:58 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/26 00:43:58 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/26 00:44:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/12 08:39:14 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1164F148-297D-403A-A3D2-8A2C0B163506}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855B4A92-6A60-4910-9A86-BB991D359F2E}: NameServer = 192.168.44.254
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\First User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\First User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f7ba8d6-19a7-11e0-88af-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2346244-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2346246-d881-11df-8841-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7be82f6-295f-11e0-88c3-0016d45ef7e5}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 21:00:20 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012/05/22 08:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Desktop\leather colours
[2012/05/19 21:38:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\First User\IETldCache
[2012/05/19 09:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/19 08:52:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/19 08:40:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\First User\Desktop\OTL.exe
[2012/05/18 19:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\SUPERAntiSpyware.com
[2012/05/18 19:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/18 19:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/18 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/18 07:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Start Menu\Programs\HiJackThis
[2012/05/18 07:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/18 07:48:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/05/18 07:48:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\First User\My Documents\My Music
[2012/05/18 07:48:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/05/17 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\Malwarebytes
[2012/05/17 20:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/17 20:57:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/17 20:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/17 19:46:00 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/17 19:45:59 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/17 19:45:50 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/17 19:45:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/17 19:45:49 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/17 19:45:46 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/17 19:45:46 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/17 19:45:45 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/17 19:43:33 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/17 19:43:20 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/17 19:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/17 19:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/17 19:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/17 19:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/17 19:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/17 19:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\Downloads
[2012/05/15 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\To Save2
[2012/05/15 08:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\My Documents\To Save
[2012/05/12 22:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/12 21:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Languages
[2012/05/12 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Chameleon
[2012/05/12 19:10:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/12 08:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Local Settings\Application Data\AVG Secure Search
[2012/05/12 08:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\First User\Application Data\AVG Secure Search
[2012/05/12 08:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/12 08:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/12 08:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/12 08:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/12 08:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/12 08:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/27 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/04/27 14:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2012/04/26 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 00:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/23 08:11:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/23 07:54:04 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/23 07:32:16 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/23 07:30:04 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/23 07:21:40 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012/05/23 07:20:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/23 07:20:32 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/23 07:20:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3244774052-2678869024-1713698313-1005.job
[2012/05/23 07:19:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/23 07:19:48 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 07:18:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012/05/21 20:51:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/19 23:02:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/19 21:38:44 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/19 16:00:02 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3244774052-2678869024-1713698313-1005.job
[2012/05/19 08:40:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\First User\Desktop\OTL.exe
[2012/05/18 19:37:54 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 07:52:10 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\HiJackThis.lnk
[2012/05/18 07:48:06 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/18 07:47:58 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\Windows Media Player.lnk
[2012/05/17 20:57:46 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 19:46:02 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 19:45:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/17 19:28:20 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/17 19:28:20 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\First User\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 15:27:04 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/05/12 21:28:34 | 000,021,505 | ---- | M] () -- C:\Program Files\unins000.dat
[2012/05/12 21:28:34 | 000,010,498 | ---- | M] () -- C:\Program Files\unins000.msg
[2012/05/12 14:03:04 | 097,952,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/09 14:16:28 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 08:47:12 | 000,447,262 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 08:47:12 | 000,073,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/02 15:23:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/25 16:49:40 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\First User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2012/04/24 16:40:34 | 000,235,520 | -H-- | M] () -- C:\Documents and Settings\First User\Desktop\ZbThumbnail.info
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 21:38:43 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\First User\Start Menu\Programs\Internet Explorer.lnk
[2012/05/18 20:06:47 | 000,149,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/18 19:37:52 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 07:52:08 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\HiJackThis.lnk
[2012/05/18 07:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\Windows Media Player.lnk
[2012/05/17 20:57:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 19:46:01 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/17 19:28:19 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\First User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/17 19:28:19 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\First User\Desktop\Spybot - Search & Destroy.lnk
[2012/05/12 23:51:49 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/12 21:58:33 | 000,021,505 | ---- | C] () -- C:\Program Files\unins000.dat
[2012/05/12 21:58:33 | 000,010,498 | ---- | C] () -- C:\Program Files\unins000.msg
[2012/05/12 21:58:32 | 000,410,054 | ---- | C] () -- C:\Program Files\mbam.chm
[2012/05/12 21:58:32 | 000,000,785 | ---- | C] () -- C:\Program Files\changes.rtf
[2012/05/12 14:03:03 | 097,952,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/02 15:33:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/02 15:33:34 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/02 15:23:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/21 12:36:39 | 000,056,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/30 21:36:01 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\mp3codec32win.dll
[2011/01/30 14:36:48 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2011/01/26 15:12:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/01/26 15:12:15 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/11/09 08:54:23 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2010/06/22 22:27:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2006/08/18 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2007/11/15 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2008/04/18 11:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/12 11:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 21:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/06/15 14:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/15 23:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2009/06/18 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/08 12:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/03 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/26 13:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/03 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/03 14:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/11/09 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/01/06 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/01/26 15:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/01/29 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/10/25 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/12 08:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/12 08:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/12 08:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/12 08:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/17 19:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Acer
[2008/04/15 16:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\.BitTornado
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Nokia
[2009/06/23 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\PC Suite
[2009/11/28 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\gtk-2.0
[2010/02/21 13:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Canon
[2010/03/11 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\MSNInstaller
[2010/03/15 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\GlarySoft
[2010/04/13 18:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\TomTom
[2010/04/17 23:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Nokia Ovi Suite
[2010/09/15 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\FileZilla
[2010/12/12 18:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\WinAVI
[2011/01/06 15:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Vodafone
[2011/01/30 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\LG Electronics
[2011/10/25 18:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\Samsung
[2012/05/12 08:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\First User\Application Data\AVG Secure Search
[2012/05/23 07:30:04 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/02/21 03:34:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job
[2010/08/03 14:26:56 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job

========== Purity Check ==========



< End of report >
  • 0

#4
Gammo
Posted 24 May 2012 - 06:46 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please uninstall either Avast or Microsoft Security Essentials. You should never use more than one anti-virus on a PC.




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...D-1867DC4D5604
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\askcom.xml
O3 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
GeoffW
Posted 25 May 2012 - 02:51 PM

GeoffW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for your response.
I tried the first part of the recommendation.
Copied and pasted the text into OTL and tried the run fix.
At the bottom of the OTL screen the following appeared "killing processes - DO NO INTERRUPT" Following this, the laptop locked up and after several minuted, nothing further happened.
I tried again but first closed down Malwarebytes and MSE, the same thing happened the computer locked and I had to force the close down.
I don't know what I am doing wrong
  • 0

#6
Gammo
Posted 26 May 2012 - 05:37 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Let's try a different OTL fix. If it still doesn't work, just skip that step and continue with running ComboFix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...D-1867DC4D5604
IE - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\searchplugins\askcom.xml
O3 - HKU\S-1-5-21-3244774052-2678869024-1713698313-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\First User\My Documents\*.tmp files -> C:\Documents and Settings\First User\My Documents\*.tmp -> ]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
GeoffW
Posted 27 May 2012 - 12:22 AM

GeoffW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the continuing advice. The second OTL run worked.
I then ran ComboFix and that took about 20 mins. The report follows.
The boot up time on the laptop is about the same as before (too many processes starting up?) but the laptop seems to be stable and running normally.

ComboFix 12-05-26.02 - First User 26/05/2012 18:34:39.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.288 [GMT 1:00]
Running from: c:\documents and settings\First User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\FIRSTU~1\LOCALS~1\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\documents and settings\First User\Local Settings\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\documents and settings\First User\WINDOWS
c:\program files\autorun.inf
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\EventSystem.log
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 06:54 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1A95E3-4802-47F1-93E4-847D654CF8D6}\mpengine.dll
2012-05-24 19:25 . 2012-05-24 19:25 -------- d-----w- C:\_OTL
2012-05-24 06:15 . 2012-05-24 06:15 -------- d-----w- C:\FOUND.001
2012-05-22 20:00 . 2012-05-22 20:00 -------- d-----w- C:\FOUND.000
2012-05-19 20:39 . 2012-05-19 20:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-19 20:38 . 2012-05-19 20:38 -------- d-sh--w- c:\documents and settings\First User\IETldCache
2012-05-19 07:52 . 2012-05-19 07:52 -------- d--h--w- c:\windows\ie8
2012-05-19 07:34 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-05-19 07:34 . 2012-03-01 11:01 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-05-19 07:34 . 2012-03-01 11:01 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-19 07:34 . 2012-03-01 11:01 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-18 20:51 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-18 20:51 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-18 20:50 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-18 20:50 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-18 20:50 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-18 20:49 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-05-18 20:48 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-05-18 20:47 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-05-18 18:38 . 2012-05-18 18:38 -------- d-----w- c:\documents and settings\First User\Application Data\SUPERAntiSpyware.com
2012-05-18 18:37 . 2012-05-18 18:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-18 18:37 . 2012-05-18 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-18 17:18 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-05-18 06:52 . 2012-05-18 06:52 388096 ----a-r- c:\documents and settings\First User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-18 06:52 . 2012-05-18 06:52 -------- d-----w- c:\program files\Trend Micro
2012-05-17 19:58 . 2012-05-17 19:58 -------- d-----w- c:\documents and settings\First User\Application Data\Malwarebytes
2012-05-17 19:57 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 19:57 . 2012-05-17 19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-17 18:41 . 2012-05-17 18:41 -------- d-----w- c:\program files\AVAST Software
2012-05-17 18:41 . 2012-05-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-17 18:27 . 2012-05-17 18:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-17 18:27 . 2012-05-17 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-05-14 16:10 . 2012-05-14 16:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-12 21:16 . 2012-05-12 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-12 20:58 . 2012-05-12 20:58 -------- d-----w- c:\program files\Languages
2012-05-12 20:58 . 2012-05-12 20:58 -------- d-----w- c:\program files\Chameleon
2012-05-12 07:39 . 2012-05-12 07:39 -------- d-----w- c:\documents and settings\First User\Local Settings\Application Data\AVG Secure Search
2012-05-12 07:39 . 2012-05-12 07:39 -------- d-----w- c:\documents and settings\First User\Application Data\AVG Secure Search
2012-05-12 07:39 . 2012-05-12 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-05-12 07:39 . 2012-05-12 07:39 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-12 07:38 . 2012-05-12 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-12 07:37 . 2012-05-12 07:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-12 07:37 . 2012-05-12 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-05-12 07:32 . 2012-05-12 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-04-27 13:30 . 2012-04-27 13:30 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-03-20 06:11 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 18:11 . 2012-04-08 18:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 18:11 . 2011-05-21 19:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-24 16:13 . 2012-03-09 15:20 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-11 13:14 . 2005-09-28 16:02 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 19:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2005-09-28 15:35 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2006-01-09 10:02 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 19:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 19:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 19:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 19:00 385024 ------w- c:\windows\system32\html.iec
2007-12-03 06:01 . 2008-02-05 19:56 8625664 ----a-w- c:\program files\ffplay.exe
2007-12-03 06:01 . 2008-02-05 19:56 8240128 ----a-w- c:\program files\ffmpeg.exe
2007-12-03 05:51 . 2008-02-05 20:03 88379 ----a-w- c:\program files\pthreadGC2.dll
2012-04-25 23:44 . 2012-02-12 23:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-09 19:16 . 2007-08-14 06:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 3906944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Linksys Cordless Internet Telephony Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Linksys Cordless Internet Telephony Kit.lnk
backup=c:\windows\pss\Linksys Cordless Internet Telephony Kit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^First User^Start Menu^Programs^Startup^Freecom Personal Media Suite.lnk]
path=c:\documents and settings\First User\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk
backup=c:\windows\pss\Freecom Personal Media Suite.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 03:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24/09/2009 05:40 19592]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [09/03/2012 16:20 51144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/05/2012 20:57 654408]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [24/04/2012 17:32 584224]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [18/07/2007 07:21 12160]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/05/2012 20:57 22344]
S1 MpKsle9a8db3b;MpKsle9a8db3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1A95E3-4802-47F1-93E4-847D654CF8D6}\MpKsle9a8db3b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A1A95E3-4802-47F1-93E4-847D654CF8D6}\MpKsle9a8db3b.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/02/2012 08:44 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 19:49 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [25/10/2011 18:53 30312]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 13:41 22528]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [25/10/2011 18:33 20032]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [18/07/2007 07:21 7040]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/08/2007 07:36 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/02/2012 08:44 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 14:01 25480]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys --> c:\windows\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 00:44 129976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [25/10/2011 18:53 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [25/10/2011 18:53 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [25/10/2011 18:53 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [25/10/2011 18:53 114280]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2012-05-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2010-08-03 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 07:44]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-18 07:44]
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:11]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{855B4A92-6A60-4910-9A86-BB991D359F2E}: NameServer = 192.168.44.254
FF - ProfilePath - c:\documents and settings\First User\Application Data\Mozilla\Firefox\Profiles\5bx23w5z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcc0586ea-de7f-4872-b2e8-4341fca7a68e%7D&mid=a2341ddc921c47d0aec8d15f92ba1e16-6675f43dc8d2e315e25acfe6330181534ae5c5d5&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-12%2008%3A39%3A21&sap=ku&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-LAME for Audacity_is1 - c:\program files\Lame For Audacity\unins000.exe
AddRemove-mp3splt - c:\program files\mp3splt\mp3splt_uninst.exe
AddRemove-mp3splt-gtk - c:\program files\mp3splt-gtk\mp3splt-gtk_uninst.exe
AddRemove-SopCast - c:\program files\SopCast\uninst.exe
AddRemove-Soulseek2 - c:\program files\SoulseekNS\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 19:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3244774052-2678869024-1713698313-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,22,56,fd,8c,1f,a8,50,8b,f9,68,1e,b5,80,fa,4a,56,04,e3,34,61,73,88,
89,c6,f7,9c,86,fb,b4,63,55,b1,4a,2f,66,5e,79,78,a7,e1,6e,d0,a8,aa,ef,64,ce,\
"??"=hex:a3,e4,02,6e,41,71,f4,22,3d,1b,5a,85,86,b5,2f,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Soluto\soluto.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\ElkCtrl.exe
.
**************************************************************************
.
Completion time: 2012-05-26 19:15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 18:15
.
Pre-Run: 950,272,000 bytes free
Post-Run: 4,265,738,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4D7F5C7BBCEF63851EE0F893FBBC8566
  • 0

#8
Gammo
Posted 28 May 2012 - 01:12 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#9
GeoffW
Posted 28 May 2012 - 03:38 PM

GeoffW

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks a lot Gammo,
I have followed your instructions, and hopefully now all will be well.
As I understand it, you don't recommend Firefox. Is it very unsafe?

Best Wishes,
Geoff
  • 0

#10
Gammo
Posted 29 May 2012 - 03:33 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Firefox is safe to use. I use it myself. It's a bit more targeted by malware than Google Chrome and Opera, but that's all.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP