internetcorckboard infection [Solved]


#1
jimsharpe10

When I try to search or go to different websites, it randomly redirects me to internetcorckboard. These are my logs.

OTL Extras logfile created on: 9/29/2012 3:14:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Blake Sharpe\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 20.96% Memory free
3.35 Gb Paging File | 2.14 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 3.18 Gb Free Space | 2.13% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 1.90 Gb Free Space | 4.95% Space Free | Partition Type: NTFS

Computer Name: BLAKE | User Name: Blake Sharpe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"5834:TCP" = 5834:TCP:*:Enabled:Remote Assistance Local
"4735:TCP" = 4735:TCP:*:Enabled:Remote Assistance Remote

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\WUAUCLT.EXE" = C:\WINDOWS\system32\WUAUCLT.EXE:*:Enabled:Windows Update -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\WUAUCLT.EXE" = C:\WINDOWS\system32\WUAUCLT.EXE:*:Enabled:Windows Update -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0108D035-436F-E112-F95D-0D2D237C421D}" = Catalyst Control Center Graphics Previews Common
"{0293224F-BEF4-D092-F0E2-CE024C61E797}" = Catalyst Control Center Localization Chinese Traditional
"{0340D491-7E60-67B5-45E6-5F3B57849B60}" = Catalyst Control Center Localization Turkish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C499E9B-D5FF-CC9A-639F-201B6CF6E425}" = Catalyst Control Center Localization French
"{0D0E3F4E-4C5D-5523-D695-C90261513E27}" = CCC Help Finnish
"{0F3AF76E-FAB0-E0EB-AE44-55A91ED3105B}" = CCC Help French
"{116EACBF-1978-F7E2-9A11-764EEA19E8B0}" = CCC Help Italian
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{142F2472-8A39-76C3-BF56-A18AC828DF3D}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7A0F86-2FB7-DFFA-981D-82DE7D67337A}" = Catalyst Control Center Core Implementation
"{21077074-4D91-AFFC-D7B4-7205A93793F3}" = CCC Help Thai
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2FA27F62-48EB-4454-8827-B6AB0D2F5A40}" = CCC Help Japanese
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351B7828-1A39-1687-9A0D-8971492A9A2A}" = CCC Help Polish
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{399150FC-EB45-1CE0-0792-1F3A23397BD4}" = ccc-core-static
"{3B64D29E-5EE8-814B-36C2-E721D269D68D}" = CCC Help Dutch
"{4252BF19-A936-C273-D3E4-3993F6D57BCD}" = CCC Help German
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2B6028-6D3B-3A68-14F5-4BC874DF62C1}" = CCC Help Spanish
"{4C8646E8-803F-3FC6-0EEF-544C2C2C3851}" = CCC Help Russian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5851FC0A-E50D-3EC5-A2E3-1C3F0A0561D8}" = Catalyst Control Center Localization Chinese Standard
"{5C9296BD-06EB-0C4E-FC8B-E0B096E6C4C6}" = CCC Help Greek
"{5EA22998-366E-E729-B587-3BF4B3057238}" = Catalyst Control Center Localization Dutch
"{61937997-A536-AF91-13DB-3B99394D3879}" = CCC Help Chinese Traditional
"{65DAA6D4-CA35-13F8-5C2E-4EF612C800E0}" = CCC Help Turkish
"{6C31E313-254D-19B2-7089-6912B195180C}" = Skins
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{729F1E55-2521-8683-9FF1-8D4D5DE57606}" = Catalyst Control Center Localization Korean
"{739126B3-1B80-4F9F-8D59-312A19613E1A}_is1" = MP4 player
"{7662CB7D-B09C-0CC6-5C0D-41F756976BE0}" = CCC Help English
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{8115A4D3-24D4-551E-8F82-260244541D72}" = Catalyst Control Center Graphics Full Existing
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A257F8F-8D55-4863-1362-0CA36D1FC5E2}" = Catalyst Control Center Localization Czech
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90817B77-B020-122B-E574-2A859DDCCF83}" = Catalyst Control Center Graphics Light
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D39737A-5575-0785-B31D-AF6230D6439D}" = CCC Help Hungarian
"{A1E1178A-EDB7-21B7-0087-8E6445A565C3}" = CCC Help Danish
"{A2B68CD0-C656-22C8-8F8F-40DA9FB419EB}" = Catalyst Control Center Localization German
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4AB8588-B6C6-B376-3637-87EC8501EBAF}" = Catalyst Control Center Localization Russian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BE45A008-4500-EB02-B7E8-3E9958683958}" = Catalyst Control Center Graphics Full New
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4710D0F-6DED-773A-4413-1EB16676A64F}" = CCC Help Portuguese
"{D4CB15CD-7736-1ED7-F687-61503C777D17}" = CCC Help Czech
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC123B8E-9673-9FC5-26FB-FA32AE9241E5}" = ccc-utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5025BF8-278D-90CF-479D-221F57F62D4B}" = Catalyst Control Center Localization Japanese
"{E67A0857-51D1-5C07-C751-D51261658393}" = CCC Help Swedish
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F31EE1B9-80C4-53E1-9832-5B78C75BAE8A}" = CCC Help Korean
"{F75A1CDB-500B-AA54-0DDC-48EDC09E4054}" = CCC Help Norwegian
"{FBDD8E9F-FCEE-1ED9-F933-2DB9BDCE8694}" = CCC Help Chinese Standard
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FE0FD434-D9F2-183E-4C79-EAAC158A4478}" = Catalyst Control Center Localization Danish
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Origin" = Origin
"PokerStars" = PokerStars
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"WORD" = Microsoft Office Word 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/13/2012 12:23:18 AM | Computer Name = BLAKE | Source = ESENT | ID = 490
Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/13/2012 12:23:42 AM | Computer Name = BLAKE | Source = ESENT | ID = 490
Description = svchost (1384) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 9/18/2012 1:31:24 AM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2012 8:41:59 PM | Computer Name = BLAKE | Source = Application Error | ID = 1000
Description = Faulting application utorrent.exe, version 3.1.3.27220, faulting module
utorrent.exe, version 3.1.3.27220, fault address 0x00090298.

Error - 9/18/2012 8:42:02 PM | Computer Name = BLAKE | Source = Application Error | ID = 1000
Description = Faulting application utorrent.exe, version 3.1.3.27220, faulting module
utorrent.exe, version 3.1.3.27220, fault address 0x00090298.

Error - 9/18/2012 8:49:54 PM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2012 8:57:19 PM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2012 3:17:33 PM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2012 3:33:50 PM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2012 4:37:45 PM | Computer Name = BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.10.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/6/2012 11:02:37 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/6/2012 11:11:24 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/9/2012 10:54:45 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/11/2012 11:10:20 AM | Computer Name = BLAKE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 9/11/2012 11:10:45 AM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/17/2012 11:01:00 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/21/2012 10:34:18 PM | Computer Name = BLAKE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 9/21/2012 10:34:38 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/26/2012 2:17:15 PM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 9/28/2012 9:01:42 AM | Computer Name = BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt IntelIde


< End of report >


OTL logfile created on: 9/29/2012 3:14:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Blake Sharpe\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 20.96% Memory free
3.35 Gb Paging File | 2.14 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 3.18 Gb Free Space | 2.13% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 1.90 Gb Free Space | 4.95% Space Free | Partition Type: NTFS

Computer Name: BLAKE | User Name: Blake Sharpe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 15:14:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake Sharpe\My Documents\Downloads\OTL.exe
PRC - [2012/09/21 14:35:34 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/07 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/06/05 20:26:40 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/29 08:56:36 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/29 08:56:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/28 00:54:04 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/28 00:53:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/07 18:43:52 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/08 23:36:49 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/06 19:30:08 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011/06/06 19:30:08 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011/06/06 19:29:54 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/06/06 19:29:54 | 002,157,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,763,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,290,752 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,224,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmkv_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,104,896 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/06/06 19:29:54 | 001,085,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblive555_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,640,512 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,441,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmod_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,379,904 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgme_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,338,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,325,632 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,128,000 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,123,392 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libts_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpc_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,089,600 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libogg_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,080,896 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsap_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,052,736 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libty_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libreal_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libps_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,048,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,046,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvobsub_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflacsys_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnuv_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,039,936 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwav_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsmf_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawvid_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvoc_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpva_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnsv_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,035,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmjpeg_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtta_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawdv_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnsc_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxa_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgv_plugin.dll
MOD - [2011/06/06 19:29:54 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011/06/06 19:29:52 | 008,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,178,176 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_http_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,072,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,065,536 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,061,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,057,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libes_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaiff_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libau_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2011/06/06 19:29:52 | 000,030,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011/06/05 20:26:40 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/04/14 08:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 18:43:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 00:09:20 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{68236C22-8C1F-42F5-B3F6-C534D78023D3}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 08:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 18:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/08 23:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Extensions
[2012/09/27 22:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\extensions
[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\searchplugins\conduit.xml
[2012/09/07 18:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 09:37:07 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/09/07 18:43:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 20:13:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:13:33 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\BLAKES~1\LOCALS~1\Temp\{43332~1.EXE) - File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F13EF8-7030-4150-8199-3F471BFD73B4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/06 21:03:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 15:09:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Blake Sharpe\Start Menu\Programs\Administrative Tools
[2012/09/28 01:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/09/28 01:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\wait list
[2012/09/28 01:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/09/28 00:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/09/28 00:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Application Data\SUPERAntiSpyware.com
[2012/09/28 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/09/28 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/09/28 00:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/09/28 00:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/28 00:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Application Data\Malwarebytes
[2012/09/28 00:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 00:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/28 00:46:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/28 00:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/11 08:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/07 18:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/11 11:22:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/29 08:53:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42a0e01e-e2c5-401f-a649-1d764f7d0d64.job
[2012/09/29 08:19:24 | 096,052,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/29 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7c831580-ca80-4eb7-a882-bcc764922939.job
[2012/09/28 22:51:32 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/28 09:01:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/28 09:01:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/28 01:01:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/28 01:01:21 | 000,039,785 | ---- | M] () -- C:\Documents
[2012/09/27 09:33:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/26 18:59:33 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Application Data\vso_ts_preview.xml
[2012/09/26 16:17:14 | 000,434,205 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Sons-Of-Anarchy-sons-of-anarchy-2878458-1024-768.jpg
[2012/09/16 21:06:19 | 000,054,063 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Teen Mom.jpg
[2012/09/14 16:13:48 | 000,237,117 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\sixteen-and-pregnant-3.jpg
[2012/09/12 14:45:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/11 17:44:02 | 000,160,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 01:01:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/28 00:59:52 | 000,039,785 | ---- | C] () -- C:\Documents
[2012/09/28 00:53:10 | 000,000,524 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7c831580-ca80-4eb7-a882-bcc764922939.job
[2012/09/28 00:53:10 | 000,000,524 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42a0e01e-e2c5-401f-a649-1d764f7d0d64.job
[2012/09/26 16:17:11 | 000,434,205 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Sons-Of-Anarchy-sons-of-anarchy-2878458-1024-768.jpg
[2012/09/16 21:06:18 | 000,054,063 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Teen Mom.jpg
[2012/09/14 16:13:46 | 000,237,117 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\sixteen-and-pregnant-3.jpg
[2012/08/12 19:44:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\dt.dat
[2012/05/11 03:24:17 | 001,950,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/26 12:10:05 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/04/26 12:10:05 | 000,103,681 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/02/15 07:16:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/18 00:10:00 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 11:22:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\inst.exe
[2011/07/11 11:22:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.cat
[2011/07/11 11:22:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.inf
[2011/07/10 18:04:30 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\vso_ts_preview.xml
[2011/07/08 23:33:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/07 00:10:28 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/06 23:51:51 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/06 22:32:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/07/06 21:06:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 21:00:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/06 16:23:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/06 16:22:31 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/07/08 19:42:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 10:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/13 15:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/07/06 22:41:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/17 10:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/05/15 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/09/11 19:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/09/29 08:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/17 13:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/07/08 19:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/07/10 19:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/10/19 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\AVG2012
[2011/08/25 07:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\Blackberry Desktop
[2012/09/28 01:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\DVDVideoSoft
[2012/05/15 22:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\Origin
[2011/07/08 20:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\Research In Motion
[2012/09/29 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\uTorrent
[2012/09/26 18:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake Sharpe\Application Data\Vso

========== Purity Check ==========



< End of report >
  • 0
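The ZeroAccess Check section of the log above lists the `InProcServer32` values OTL reports for a fixed set of CLSIDs. The following is an added example, not part of the original post and not OTL's own logic: it parses a section in that format and flags any default value that differs from a baseline. The baseline is an assumption taken from the values shown in this log, and both sample sections are constructed.

```python
import re

# Assumption: %SystemRoot% resolves to C:\WINDOWS, as this log's header states.
SYSTEM_ROOT = r"C:\WINDOWS"

# Baseline (assumption): the targets this thread's log shows for each key.
# None means the key is expected to carry no default value at all.
BASELINE = {
    ("HKEY_CURRENT_USER", "{42aedc87-2188-41fd-b9a3-0c966feabec1}"): None,
    ("HKEY_CURRENT_USER", "{fbeb8a05-beee-4442-804e-409d6c4515e9}"): None,
    ("HKEY_LOCAL_MACHINE", "{42aedc87-2188-41fd-b9a3-0c966feabec1}"):
        r"c:\windows\system32\shdocvw.dll",
    ("HKEY_LOCAL_MACHINE", "{5839fca9-774d-42a1-acda-d6a79037f57f}"):
        r"c:\windows\system32\wbem\fastprox.dll",
    ("HKEY_LOCAL_MACHINE", "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}"):
        r"c:\windows\system32\wbem\wbemess.dll",
}

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# Default value line: '"" = <path> -- [file details] (company)'
DEFAULT_RE = re.compile(r'^"" =\s*(.*?)(?: -- \[.*)?$')


def normalise(path):
    """Expand %SystemRoot% and lower-case so full paths compare reliably."""
    expanded = re.sub(r"%systemroot%", lambda _m: SYSTEM_ROOT, path,
                      flags=re.IGNORECASE)
    return expanded.strip().lower()


def parse_section(text):
    """Map (hive, clsid) -> normalised default value, or None if absent."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
            entries[current] = None
            continue
        if line.startswith("["):
            current = None  # some other bracketed line; stop attributing values
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            entries[current] = normalise(value.group(1)) or None
    return entries


def triage(text):
    """Return (key, value, reason) for every entry that deviates from BASELINE."""
    findings = []
    for key, value in parse_section(text).items():
        if key not in BASELINE:
            findings.append((key, value, "key not in baseline"))
        elif value != BASELINE[key]:
            expected = BASELINE[key] or "<no default value>"
            findings.append((key, value, "expected " + expected))
    return findings


# Constructed sample in the format of this log: matches the baseline.
CLEAN_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [file details] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [file details] (Microsoft Corporation)
"ThreadingModel" = Free
'''

# Constructed sample: a per-user override and a same-named DLL outside system32.
HIJACKED_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\EXAMPLE\constructed\module.dll -- [file details] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\EXAMPLE\constructed\wbemess.dll -- [file details] ()
"ThreadingModel" = Both
'''

if __name__ == "__main__":
    for key, value, reason in triage(HIJACKED_SAMPLE):
        print(key[0], key[1], "->", value, "|", reason)
```

The comparison uses the full path rather than the file name, so a DLL named `wbemess.dll` in another directory is still flagged; the company name OTL prints comes from the file's own version information and is not used as evidence here.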


#2
emeraldnzl

Hello jimsharpe10,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3072253&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\searchplugins\conduit.xml
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd
    O4 - HKCU..\Run: [] File not found
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\BLAKES~1\LOCALS~1\Temp\{43332~1.EXE) - File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [CreateRestorePoint]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Next

Download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

Lastly in this post

Please download MbrScan to your desktop

  • Run MbrScan
  • Place a tick in the asm Code box just below the report button
  • Then press the report button
Copy and paste the generated report to your next post please

So when you return please post
  • OTL fix.txt
  • AdwCleaner log
  • MbrScan report


#3
jimsharpe10

I have run the OTL fix twice and it hasn't made a log upon reboot. Do I still go to the next steps?

#4
emeraldnzl

Hi jimsharpe10,

I have run the OTL fix twice and it hasn't made a log upon reboot.


If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Do I still go to the next steps?


Yes please. :thumbsup:

#5
jimsharpe10

========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.condui...earchSource=13" removed from browser.startup.homepage
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
File C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\BLAKES~1\LOCALS~1\Temp\{43332~1.EXE deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Blake Sharpe\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Blake Sharpe\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Blake Sharpe
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Blake Sharpe
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09302012_223720

#6
jimsharpe10

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 12:29:01
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Blake Sharpe - BLAKE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Blake Sharpe\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94EAB028-F67B-49A8-B0FE-84439E94420A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1FC4CC5-B8C8-4180-996A-99E99059A7CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\uTorrentControl2

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2750 octets] - [01/10/2012 12:27:25]
AdwCleaner[S1].txt - [2909 octets] - [01/10/2012 12:29:01]

########## EOF - C:\AdwCleaner[S1].txt - [2969 octets] ##########

#7
jimsharpe10

There is no asm code box on mine.
This is the report:
MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 2 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/10/01 (ISO 8601) at 12:36:00
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Maxtor 6E040L0 (NAR61590)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __ST3160815AS (4.AAB)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	38.29 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : D0A6949BB2A37F72EB9ECD3ACEBB39FE
MBR_SHA1  : 33C8D65F73344A336831E4B70CAB24CCFB9B39E7

Device\Harddisk0\Partition1	38.28 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	149.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : C888911925D8554E1BB43339BAFB4578
MBR_SHA1  : C89A555BE62D208665417FB1915066DA836B100C

Device\Harddisk1\Partition1	149.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA92DA000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF79D3000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


_______MBR   \Device\Harddisk1\DR1  



#8
emeraldnzl

Hello jimsharpe10,

Has there been any change in your redirects? Tell me when you come back.

For now
  • Close all windows and open OTL again.
  • Under the Custom Scan box paste this in:
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    /md5start
    services.*
    wbemess.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#9
jimsharpe10

OTL logfile created on: 10/1/2012 5:06:46 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Blake Sharpe\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 44.61% Memory free
3.35 Gb Paging File | 2.41 Gb Available in Paging File | 71.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 2.58 Gb Free Space | 1.73% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 1.90 Gb Free Space | 4.95% Space Free | Partition Type: NTFS

Computer Name: BLAKE | User Name: Blake Sharpe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/29 15:14:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake Sharpe\My Documents\Downloads\OTL.exe
PRC - [2012/09/21 14:35:34 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/07 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/01 16:54:26 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/10/01 16:54:25 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/28 00:54:04 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/28 00:53:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/07 18:43:52 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/06/17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/04/14 08:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 18:43:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 00:09:20 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{68236C22-8C1F-42F5-B3F6-C534D78023D3}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 08:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 18:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/08 23:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Extensions
[2012/09/27 22:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\extensions
[2012/09/07 18:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 09:37:07 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/09/07 18:43:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 20:13:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:13:33 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/30 22:37:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F13EF8-7030-4150-8199-3F471BFD73B4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/06 21:03:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 22:15:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/30 22:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\[ www.TorrentDay.com ] - Redneck.Island.S01E05.480p.HDTV.x264-mSD
[2012/09/29 17:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\[ www.TorrentDay.com ] - Redneck.Island.S01E08.HDTV.x264-YesTV
[2012/09/29 15:09:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Blake Sharpe\Start Menu\Programs\Administrative Tools
[2012/09/28 01:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/09/28 01:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\wait list
[2012/09/28 01:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/09/28 00:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/09/28 00:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Application Data\SUPERAntiSpyware.com
[2012/09/28 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/09/28 00:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/09/28 00:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/09/28 00:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/28 00:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\[ www.TorrentDay.com ] - Redneck.Island.S01E09.REAL.HDTV.x264-YesTV
[2012/09/28 00:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Application Data\Malwarebytes
[2012/09/28 00:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/28 00:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/28 00:46:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/28 00:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/28 00:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\[ www.TorrentDay.com ] - Redneck.Island.S01E10.REAL.HDTV.x264-YesTV
[2012/09/28 00:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake Sharpe\Desktop\[ www.TorrentDay.com ] - Redneck.Island.S01E06.480p.HDTV.x264-mSD
[2012/09/12 14:45:52 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/09/11 08:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/07 18:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/11 11:22:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/01 17:05:20 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 16:53:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42a0e01e-e2c5-401f-a649-1d764f7d0d64.job
[2012/10/01 12:31:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/01 12:31:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/01 12:26:30 | 096,207,119 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/30 22:37:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/30 17:51:48 | 000,166,236 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/30 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7c831580-ca80-4eb7-a882-bcc764922939.job
[2012/09/28 01:01:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/28 01:01:21 | 000,039,785 | ---- | M] () -- C:\Documents
[2012/09/27 09:33:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/26 18:59:33 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Application Data\vso_ts_preview.xml
[2012/09/26 16:17:14 | 000,434,205 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Sons-Of-Anarchy-sons-of-anarchy-2878458-1024-768.jpg
[2012/09/16 21:06:19 | 000,054,063 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Teen Mom.jpg
[2012/09/14 16:13:48 | 000,237,117 | ---- | M] () -- C:\Documents and Settings\Blake Sharpe\Desktop\sixteen-and-pregnant-3.jpg
[2012/09/12 14:45:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 01:01:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/28 00:59:52 | 000,039,785 | ---- | C] () -- C:\Documents
[2012/09/28 00:53:10 | 000,000,524 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 7c831580-ca80-4eb7-a882-bcc764922939.job
[2012/09/28 00:53:10 | 000,000,524 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42a0e01e-e2c5-401f-a649-1d764f7d0d64.job
[2012/09/26 16:17:11 | 000,434,205 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Sons-Of-Anarchy-sons-of-anarchy-2878458-1024-768.jpg
[2012/09/16 21:06:18 | 000,054,063 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\Teen Mom.jpg
[2012/09/14 16:13:46 | 000,237,117 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Desktop\sixteen-and-pregnant-3.jpg
[2012/08/12 19:44:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\dt.dat
[2012/05/11 03:24:17 | 001,950,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/26 12:10:05 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/04/26 12:10:05 | 000,103,681 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/02/15 07:16:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/18 00:10:00 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 11:22:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\inst.exe
[2011/07/11 11:22:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.cat
[2011/07/11 11:22:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\pcouffin.inf
[2011/07/10 18:04:30 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Blake Sharpe\Application Data\vso_ts_preview.xml
[2011/07/08 23:33:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/07 00:10:28 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/06 23:51:51 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/06 22:32:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/07/06 21:06:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 21:00:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/06 16:23:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/06 16:22:31 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/07/08 19:42:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/04/25 10:47:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/16 21:50:35 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2012/06/16 21:50:33 | 000,004,559 | ---- | M] () -- C:\ads_err.adm
[2012/06/16 21:50:33 | 000,024,261 | ---- | M] () -- C:\ads_err.adt
[2012/06/16 21:50:24 | 000,006,499 | ---- | M] () -- C:\ads_err.dbf
[2012/10/01 12:27:29 | 000,002,750 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/10/01 12:29:17 | 000,003,038 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2011/07/06 21:03:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/06 20:57:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/06 21:03:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/09/28 01:01:21 | 000,039,785 | ---- | M] () -- C:\Documents
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/07/06 21:03:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/06 21:03:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/05/23 21:35:26 | 000,002,442 | ---- | M] () -- C:\netsh.log.txt
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/10/01 12:30:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2011/09/05 13:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/07/06 21:03:53 | 000,001,602 | ---- | M] () MD5=28366091075AF7B6D5D67468FBD4EDD3 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 18:43:47 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 18:43:47 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 18:43:47 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/07 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/27 07:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/27 07:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/27 07:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/26 02:40:35 | 000,634,504 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< End of report >

#10
jimsharpe10

  • Topic Starter
  • Member
  • 47 posts
My internet still redirects.

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jimsharpe10,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#12
jimsharpe10

  • Topic Starter
  • Member
  • 47 posts
ComboFix 12-09-30.03 - Blake Sharpe 10/01/2012 19:15:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1098 [GMT -4:00]
Running from: c:\documents and settings\Blake Sharpe\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Blake Sharpe\Application Data\inst.exe
c:\documents and settings\Blake Sharpe\Application Data\vso_ts_preview.xml
C:\Documents
C:\install.exe
c:\windows\system32\_000036_.tmp.dll
c:\windows\system32\msssc.dll
c:\windows\system32\SET6BA.tmp
c:\windows\system32\SET6BE.tmp
c:\windows\system32\SET6C6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 02:15 . 2012-10-01 02:15 -------- d-----w- C:\_OTL
2012-09-28 05:24 . 2012-09-28 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2012-09-28 05:00 . 2012-09-28 05:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-09-28 04:56 . 2012-09-28 04:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-09-28 04:52 . 2012-09-28 04:52 -------- d-----w- c:\documents and settings\Blake Sharpe\Application Data\SUPERAntiSpyware.com
2012-09-28 04:52 . 2012-09-28 05:07 -------- d-----w- c:\program files\Google
2012-09-28 04:51 . 2012-09-28 04:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-28 04:51 . 2012-09-28 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-28 04:46 . 2012-09-28 04:46 -------- d-----w- c:\documents and settings\Blake Sharpe\Application Data\Malwarebytes
2012-09-28 04:46 . 2012-09-28 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-28 04:46 . 2012-09-28 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-28 04:46 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 19:12 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 19:43 . 2011-04-05 04:59 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21 . 2011-01-07 10:41 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-07-07 00:59 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-07 22:43 . 2012-09-07 22:43 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5834:TCP"= 5834:TCP:Remote Assistance Local
"4735:TCP"= 4735:TCP:Remote Assistance Remote
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/28/2012 12:46 AM 399432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/11/2011 11:22 AM 47360]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/28/2012 12:46 AM 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/28/2012 12:46 AM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 114144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 42a0e01e-e2c5-401f-a649-1d764f7d0d64.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7c831580-ca80-4eb7-a882-bcc764922939.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Blake Sharpe\Application Data\Mozilla\Firefox\Profiles\szgmg5b5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-01 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-10-01 19:23:35
ComboFix-quarantined-files.txt 2012-10-01 23:23
.
Pre-Run: 4,949,561,344 bytes free
Post-Run: 5,266,268,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 76699907E91D868491A238C800745769

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi jimsharpe10,

Still getting the redirections?

#14
jimsharpe10

    Member

  • Topic Starter
  • Member
  • 47 posts
yup

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay, let's see what happens when you run Firefox with Add-ons disabled.

At the top of the Firefox window, click the Firefox menu, and select the Help menu item and then Restart with Add-ons Disabled...

Come back and tell me if that makes a difference.