
Agent3.WJV infection [Closed]


  • This topic is locked

#1 mjfin (New Member, 2 posts)
I need help with the Agent3.WJV trojan. I ran the AVG rescue disk to find it. IE8 isn't right. Google search doesn't work. I can manually load URLs on some sites (luckily this one) but not all. AVG Rescue reported that acpi.sys is corrupted, and I'm sure there is more. I am not near expert enough to interpret the OTL log, so help would be much appreciated. Below is my OTL scan.

Thank you in advance, Mike


OTL logfile created on: 11/14/2012 10:16:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 85.56% Memory free
4.82 Gb Paging File | 4.25 Gb Available in Paging File | 88.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.03 Gb Free Space | 8.09% Space Free | Partition Type: NTFS

Computer Name: MIKEYJ | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 16:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.scr
PRC - [2012/11/08 08:06:57 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/08 08:06:57 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/12 14:33:10 | 001,026,432 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/04/28 10:30:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/23 12:58:57 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/25 12:38:40 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2001/07/31 20:59:50 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/11/08 08:06:57 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/08 08:06:57 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
MOD - [2012/11/08 08:06:57 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 08:06:57 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/09/19 16:19:14 | 000,142,208 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012/06/14 06:58:47 | 000,221,696 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/13 20:43:39 | 013,197,824 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/13 20:35:11 | 001,666,048 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/10 06:50:21 | 000,762,368 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 06:50:17 | 000,786,944 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 06:50:15 | 000,646,656 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/09 19:11:52 | 006,798,336 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/09 19:11:32 | 007,052,800 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/09 19:11:26 | 000,980,480 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/09 19:11:24 | 005,618,176 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/09 19:11:13 | 009,090,560 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/09 19:10:59 | 014,412,800 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/07/25 12:38:48 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2011/07/25 12:38:48 | 000,075,112 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/09/15 17:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2009/09/15 17:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2009/09/15 17:20:46 | 000,342,528 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2006/06/09 13:37:54 | 000,034,304 | ---- | M] () -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
MOD - [2006/06/09 13:37:42 | 000,064,000 | ---- | M] () -- C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
MOD - [2001/07/31 20:59:50 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2001/07/31 20:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll
MOD - [2001/07/31 20:59:42 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll


========== Services (SafeList) ==========

SRV - [2012/11/08 08:06:57 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/12 14:33:10 | 001,026,432 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/10/09 09:25:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/08 08:06:57 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/10/04 05:22:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/10/04 05:22:16 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/25 16:35:34 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/07/25 16:35:34 | 000,556,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/07/25 16:35:34 | 000,118,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2011/07/25 16:35:34 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl)
DRV - [2011/07/25 16:35:34 | 000,059,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2011/07/25 16:35:34 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011/07/25 16:35:34 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/03/17 19:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 14:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{81989B10-FF51-440A-AA6F-6CA2880879D8}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-27 11:20:09&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/28 10:30:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 08:07:18 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: {check_default_browser:false,clear_data:{form_data:true,passwords:true,time_period:4},clear_lso_data_enabled:true,show_home_button:true,window_placement:{bottom:728,left:10,maximized:true,right:1014,top:10,work_area_bottom:738,work_area_left:0,work_area_right:1024,work_area_top:0}},cloud_print:{email:},countryid_at_install:21843,default_apps_install_state:2,default_search_provider:{enabled:true,encodings:UTF-8,icon_url:http://www.google.com/favicon.ico,id:2,instant_url:{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&{google:instantFieldTrialGroupParameter}ie={inputEncoding}{google:instantEnabledParameter}{searchTerms},keyword:google.com,name:Google,prepopulate_id:1,search_url:{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms},suggest_url:{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}},distribution:{alternate_shortcut_text:false,chrome_shortcut_icon_index:0,create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[http://www.google.com/,[http://ssl.gstatic.c...],startup_list:[1,http://ssl.gstatic.com/,http://www.google.com/]},download:{directory_upgrade:true,extensions_to_open:},extensions:{autoupdate:{last_check:12980259614068125,next_check:12980275950474625},blacklistupdate:{lastpingday:12980242806737125,version:0.0.0.103},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},settings:{abciiempgohamehppammbkhkicmkgkob:{blacklist:true},aemcjbfajnnmhblifaejadoecfoaebld:{blacklist:true},afenhmponmfmdmbmccbmglppcmjhmhmh:{blacklist
:true},agmhonoepgcnakccfpidhjehlocaeaaj:{blacklist:true},ahfgeienlihckogmohjhadlkjgocpleb:{active_permissions:{api:[appNotifications,management,webstorePrivate]},app_launcher_ordinal:n,page_ordinal:n},ahjfgnikolodijnpakeknpilnemojlhc:{blacklist:true},alcbnnpmipohgdllkkglhkbncijplago:{blacklist:true},apdmgffkfhjfeejmbjidennfjdkmmmbl:{blacklist:true},bjihddggcgnblgojnmhpnngonofbnkaj:{blacklist:true},bkkchglolnigbfncnbnnbhhempjkdpkf:{blacklist:true},boaoagnmpennjoigkkmnjhecapibhfko:{blacklist:true},boclfockfmgcppbajihcgajhpggaakgl:{blacklist:true},bokkificjhapflinbdejegngffgkcgfe:{blacklist:true},caphkimknlmnhpjoneddiaakmcaajagb:{blacklist:true},cbbjhegipokkofhhicbckicchjpcpeni:{blacklist:true},cfbdodejdeejbkffcmiaknpmojjeibpn:{blacklist:true},cihlkpohodpdkdnfalhdkhhlhmhffmbe:{blacklist:true},cjhklhdjonhcohlacgggcbklpnldleck:{blacklist:true},clapnamcglekekmamicmbahkghdcjaeh:{blacklist:true},cmjphjljejnfgdbkdgdlclaabimpknna:{blacklist:true},coajchbkdbfhmhbgcjepiofllfjjcpfp:{blacklist:true},danapgfidmepmcfbjjacceiaiiioieio:{blacklist:true},dbiblcmlcgdjjbdpbmbcpineegngkiip:{blacklist:true},dbmdicehacbaohlockjgdglcobimmjkh:{blacklist:true},dgcfmgdfbfbgcpbendbhbkfjppboebed:{blacklist:true},dgkemngdheppgohkjjelnkjmdeimmfml:{blacklist:true},dlobhinihbmedmheccecfnkcadpehmbf:{blacklist:true},dmkdhgkknhnfpdjeicefnpmhcpbimden:{blacklist:true},doneghboglgnflpdicnkaojmmljgejkj:{blacklist:true},dpgenihgggagjjggfocjceeobjkadcbc:{blacklist:true},dpmloehicimdjkibmobhmpgdndgbcced:{blacklist:true},ebdcdchjcndpjhehacedepnggfdbfkpn:{blacklist:true},edmnikahahfkfilbbjbdoiabnghbkmjc:{blacklist:true},efhjelcghjkfigiagdfbfilndaffpmdj:{blacklist:true},efnaljpgehfilpmkhobibbjceeeondmn:{blacklist:true},egljdhfnbjahogjahnigfnbpidlmdagi:{blacklist:true},ehgoiaffgjoinpkllmmnikghgpghnabc:{blacklist:true},ehomcoocpagnlcakcbecdaknmacmedld:{blacklist:true},fafoohpbicgbcejffcplajonhhooddle:{blacklist:true},fbhiehmngojjcmljddjmgpmcockbccmo:{blacklist:true},fibgploapkhokkbncddlkcmbmiengcfp:{blacklist:true}
,fjjeecfjmgfnleghoellhldedkaocjfc:{blacklist:true},flmmgcfcpbfddenepkfmgfpbaceolcoe:{blacklist:true},fmcccidacjgnfiafddkngmeolkoiihil:{blacklist:true},fmonlemffgbabjifjfaoamdflijecdbk:{blacklist:true},fnhcgnmfccojojojacgeiaaeacefdohb:{blacklist:true},fpbippbofbmgmbojjmgfcifpmdaelcmd:{blacklist:true},fpmajanjndhgpifbcbnklbiehgnpkgmf:{blacklist:true},gbenikfjhilhpgagllmfgggdjaflbmbi:{blacklist:true},ghgphbmpcfgkfneodjpbdanmdoemklio:{blacklist:true},gjkbghdignnlcknknflbigpammebiolo:{blacklist:true},gkjeccpmibljcfpfapfljciimedljpnm:{blacklist:true},gnapdhmknipknfmhhnhdmhakdfhgeing:{blacklist:true},gncfgndgeoddelbfhlndhljnecoednaa:{blacklist:true},gngmkbiihflpghldjnbpemaicedhdddk:{blacklist:true},gobjcjhhebpjbmjdgmejhebbleadnceo:{blacklist:true},hbaajkahagmlkdekmbdabikbopdgpaac:{blacklist:true},hcapokajkngndbglnfglpfdpoeidmpha:{blacklist:true},hcpndbchnlgojmnijaldkicigmihmdca:{blacklist:true},hefmoncdemhjembgbnkgglhlookbipdc:{blacklist:true},hgjgaeknhmidehalnmokomhpfhbfmpcm:{blacklist:true},hhfffemhgkginfafaoapljdllodppana:{blacklist:true},hhfiljkpjapjjphcocclhhaldpfkkjbi:{blacklist:true},hhjmkijkgojfifipdgmiemghfikbohcm:{blacklist:true},hhlgbfcfbkhlmajakkcjippgpcmejkko:{blacklist:true},hkbgccpdcpbdckohbknjlamamelcnlki:{blacklist:true},hnipgljcblpgnnojcfldehpeknhakbgj:{blacklist:true},hnkcpoijaeegompjgbjjhkdmljldaccg:{blacklist:true},hpibmhghjndideebpackbdlpncgkcppp:{blacklist:true},ifbkndkaolfbjjhnnhfmkbkoclpdkpli:{blacklist:true},ifeijfpkjckedpclgncedmgdiaoeahmk:{blacklist:true},ijecjbcgpblkacpijljpaienknanaloa:{blacklist:true},ijenlpgidnapbndonoinbkhekgjonojg:{blacklist:true},imfbomjbodpfgfhfahlgkkcllmhbelhk:{blacklist:true},imkffpjpdngdkpgadcmnlkhhmhdocijn:{blacklist:true},iobnpmeeecphddicmhhmdjbnlbdhjlne:{blacklist:true},iomejadoamfilglofmeaffghddcgapmf:{blacklist:true},janhdpmhnighonkkbkdpnljcoenpfkbh:{blacklist:true},jcmipejepoimfflnoapdmkdephgjinck:{blacklist:true},jfmjfhklogoienhpfnppmbcbjfjnkonk:{active_permissions:{api:[tabs],explicit_host:[http://*/*,https://
*...criptable_host:[http://*/*,https://*...ontent_scripts:[{js:[contentscript.js],matches:[http://*/*,https://*...tion:RealPlayer HTML5Video Downloader Extension,key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl0WKWTrid8Fh+tsoJPRheLc7tksPgH1NfLF79Fj3YKb0fk2Fip1eE/chfSnGWQkxe5Ck2r+ZPba7m+FWQhZDCE5EXvOTDoqi7TEvjccW5pMpW5wCUOLKQVSttgBwkY8EUYt40SwtJ6HmLoPZfQmo9W3qAjnlhlF5AkY4jYgBv3QIDAQAB,name:RealPlayer HTML5Video Downloader Extension,permissions:[tabs,http://*/*,https://*/*],version:1.5},path:jfmjfhklogoienhpfnppmbcbjfjnkonk\\1.5_0,state:1},jgmpapdckakiohhebmeoemejibommimi:{blacklist:true},jhhabiomopkibeecgngiggmopkeofacl:{blacklist:true},jindbcpkhnnnjgcjgmkjedbibibiojjf:{blacklist:true},jjnkfllhcgkgnfbekpnmoikpfihpjfli:{blacklist:true},jkihmglffmfjedfbpbpdbbimcodjbmdh:{blacklist:true},jmfkcklnlgedgbglfkkgedjfmejoahla:{active_permissions:{api:[plugin],scriptable_host:[http://*/*,https://*...ontent_scripts:[{js:[content/jquery-1.4.4.min.js,content/avgls-inline.js,content/searchengine.js,content/searchshield.js],matches:[http://*/*,https://*...iption:Securing your clicks.,format_version:1,icons:{128:content/Icons/128x128.png,16:content/Icons/16x16.png,48:content/Icons/48x48.png,64:content/Icons/64x64.png},id:881AC4EF96904f5fA0B49048C377CD59E8A84102,key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB,minimum_chrome_version:9,name:AVG Safe 
Search,plugins:[{path:plugins/avgnpss.dll,public:true}],version:12.0.0.1901},path:jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0,state:1},jmifipgdcllamghkhdplfjffkciekbgo:{blacklist:true},jpgidahfcgiajlcbleeiaibpmmblcmnb:{blacklist:true},jpkdlckejfjidmplieobnhijmoiecbhl:{blacklist:true},kbipembkfhbdmkkkfbigmohilmknjnof:{blacklist:true},kcanfkmhccbaheheaackijegkclkaeic:{blacklist:true},kcfnnanmpghdnoompcfclakpacapnfbn:{blacklist:true},kelcbonmemlciepjdmfcifnhloeammhj:{blacklist:true},kgbkdabomfdpfoibliicpmibceaoohgh:{blacklist:true},kinhljbhjmcmoddhdoodekeklmjapjff:{blacklist:true},kkhomejdleoonmbdhcigkhkjcghngncf:{blacklist:true},kleaapgdkahaekcocmkbgfainbhihccj:{blacklist:true},kolbbghckjilleabphhgeggcgpfidofi:{blacklist:true},lbficnmfealeidppcbgdcbemgfjodbkg:{blacklist:true},lceaiepehinnomgijphkmjccbigkljkj:{blacklist:true},likifpgnijjfbdegfepoalpamlgnfofi:{blacklist:true},ljcicfibknpmlcmcecddjlbgkejehhpa:{blacklist:true},ljeihpebkahejeacdalhkhmckmggppif:{blacklist:true},lkdimamelhbiijkiljlnedmhnnkkmlbl:{blacklist:true},lljnngafekbnkpdfophmcdlbfebcbcld:{blacklist:true},lnahlgmhpghkhmafjppdidhcoaomipfg:{blacklist:true},lnbeebaenahmkbffnimghceldeeihfak:{blacklist:true},lncjcfkpannmofmpgdfoonkniofdnaba:{blacklist:true},mbmdaiddhfoljplpdhohimgieioblfif:{blacklist:true},mdiehnlecbjlppbpaaipmlnhhjgepfcg:{blacklist:true},mfffdpnblflpobcnekhekiahepofaane:{blacklist:true},mfhfkclojmdocagbmecgcnlofppebebd:{blacklist:true},mfncimdpmknolnnnccdmkpnpkaofonkc:{blacklist:true},mjgobkikdipfikmaoakdcdbicpioljgg:{blacklist:true},mkobblpffgbncfhijabakfafmkjdmmnm:{blacklist:true},mlmegahemifabfmdnndafagnncfbnahn:{blacklist:true},mlmmbepkgelpbenpobinockmiehdahai:{blacklist:true},mlnoedbhndgbjcbeadjfnmjloejlgojk:{blacklist:true},mmjodihhmnpkldljaifiajmlnpflfhpm:{blacklist:true},mnhcgaghminpdabllkbkecahjfkdiabk:{blacklist:true},mnichagcickblneeijmfnmoiakigmmhf:{blacklist:true},mogepbcllienegdibkfpmombhefhcoic:{blacklist:true},nbieffehfdniifkgdckbndjhojohbfjj:{blacklist:true},ndhkiimgbjn
CHR - Extension: No name found = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/11/09 11:13:14 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B73CE7-8E05-4763-9F6F-E56028189932}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B3168B4-F4D1-4103-9A26-897BC3479B12}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484D3A0C-6B80-4A2D-892A-D9782AD21B03}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C86ABC0-DDF5-4171-B7E4-41B9A06076DA}: DhcpNameServer = 207.230.192.254 209.142.136.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{942A16C2-B9FF-4A71-A910-862E3DD77A45}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 17:52:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4aad5e8a-e557-11e0-8479-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4aad5e8a-e557-11e0-8479-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aad5e8a-e557-11e0-8479-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4aad5e8b-e557-11e0-8479-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4aad5e8b-e557-11e0-8479-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aad5e8b-e557-11e0-8479-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/13 16:13:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.scr
[2012/11/10 06:51:41 | 000,226,816 | ---- | C] (honest technology) -- C:\WINDOWS\System32\htvcdsvcd.ax
[2012/11/10 06:51:41 | 000,081,920 | ---- | C] (MyCompanyName) -- C:\WINDOWS\System32\ezrgb24.ax
[2012/11/10 06:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Iosubsys
[2012/11/08 19:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/08 08:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/10/24 06:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\IObit
[2012/10/24 06:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\AppData
[2012/10/24 06:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6
[2011/10/29 13:44:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\owner\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/14 09:54:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1901266156-2344783011-3797148864-1003.job
[2012/11/14 09:53:56 | 000,005,236 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/14 09:53:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 09:52:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/14 07:24:25 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Gmail Email from Google.url
[2012/11/13 16:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/13 16:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/13 16:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.scr
[2012/11/10 06:52:49 | 000,001,024 | RH-- | M] () -- C:\WINDOWS\System32\ntiembed.dll
[2012/11/10 06:51:35 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NTI DVD-Maker Gold.lnk
[2012/11/10 06:50:40 | 000,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2012/11/10 06:50:40 | 000,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2012/11/09 11:42:55 | 000,001,024 | RH-- | M] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2012/11/09 11:13:14 | 000,000,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/09 10:43:16 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\YouTube - Broadcast Yourself..url
[2012/11/09 09:47:26 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Amazon.com.url
[2012/11/09 07:35:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/08 19:00:45 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/08 08:52:15 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ArtsQuest ... imagine that..url
[2012/11/08 08:06:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/04 07:24:32 | 000,472,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 07:24:32 | 000,076,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/03 10:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/02 14:13:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1901266156-2344783011-3797148864-1003.job
[2012/11/02 06:52:41 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Streets & Trips 2008.lnk
[2012/10/24 06:37:03 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/10/24 06:37:03 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2012/10/24 06:37:03 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2012/10/22 08:25:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word 2007.lnk
[2012/10/22 08:18:27 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\WIP-FM - SportsRadio 94WIP 94.1 FM Philadelphia, PA - Listen Online.url
[2012/10/15 13:56:56 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Galaxy S3 Data connection horrible Verizon Wireless Community.url
[2012/10/15 13:31:37 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\King Crimson - Heroes (live in London 2000) - YouTube.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/10 06:51:35 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NTI DVD-Maker Gold.lnk
[2012/10/24 06:37:03 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/10/24 06:37:03 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2012/10/24 06:37:02 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 6.lnk
[2012/08/13 06:21:41 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\dt.dat
[2012/05/15 20:01:59 | 000,359,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/08 19:12:02 | 000,802,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1901266156-2344783011-3797148864-1003-0.dat
[2012/03/08 19:11:53 | 000,165,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/08 11:17:25 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/18 11:32:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/30 09:30:14 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 13:44:52 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\inst.exe
[2011/10/29 13:44:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\pcouffin.cat
[2011/10/29 13:44:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\pcouffin.inf
[2011/10/28 09:40:50 | 000,000,385 | ---- | C] () -- C:\WINDOWS\infoview.ini
[2011/10/28 09:40:45 | 000,000,158 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2011/10/28 09:40:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\VBA.INI
[2011/10/28 09:39:43 | 000,078,438 | ---- | C] () -- C:\WINDOWS\EXTRACT.EXE
[2011/10/28 09:34:15 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2011/10/28 09:33:28 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2011/10/28 09:31:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2011/10/28 09:31:29 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2011/10/28 09:07:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011/10/28 08:53:28 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2011/10/28 08:53:27 | 000,000,999 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/10/28 08:53:25 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2011/07/25 12:38:48 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

========== ZeroAccess Check ==========

[2011/10/31 08:34:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/08 08:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/09/27 10:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/28 09:03:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/01/02 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/01/02 17:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/01/03 10:43:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/01/02 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/01/02 17:02:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/01/02 17:03:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/01/02 17:10:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/01/02 16:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/01/02 16:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/10/27 09:43:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/24 06:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/11/14 09:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/04 10:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/10/28 09:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/11/04 11:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012/01/23 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Audacity
[2012/09/27 10:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\AVG Secure Search
[2012/09/27 10:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\AVG2013
[2012/01/02 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Canon
[2012/05/06 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Canon Easy-WebPrint EX
[2012/01/20 11:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Digiarty
[2012/10/24 06:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\IObit
[2012/01/23 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\SanDisk
[2011/10/28 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ScanSoft
[2012/09/27 10:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TuneUp Software
[2011/10/29 13:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Vso

========== Purity Check ==========



< End of report >
  • 0
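A small triage pass over the OTL line types in the log above (O1 hosts entries, O4 Run keys, O17 DHCP DNS servers, O33 MountPoints2 autorun commands), added here as an example in Python; it is not part of the original post or of OTL itself, and the sample lines, the hosts override and the GUIDs are constructed. It produces a review list for a helper, not a malware verdict.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample in OTL's line format. The O4/O17/O33 values mirror the
# kind of entries in the log above; the hosts override and GUIDs are placeholders.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.5 www.example.com
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EXAMPLE-GUID}: DhcpNameServer = 207.230.192.254 209.142.136.220
O33 - MountPoints2\{EXAMPLE-GUID}\Shell\AutoRun\command - "" = D:\Autorun.exe
"""

# One regex per OTL line type we look at. OTL prints the publisher from the
# file's version info in trailing parentheses; "()" means it had none.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*?)(?: \(([^()]*)\))?$")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (.+)$')


def _finding(category: str, line: str, reason: str) -> Dict[str, str]:
    return {"category": category, "line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the OTL lines a helper would want to look at first, with a reason."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # Anything beyond the localhost entries redirects name resolution.
            if host.lower() != "localhost":
                findings.append(_finding("hosts_override", line, f"hosts file maps {host} to {ip}"))
            continue

        m = RUN_RE.match(line)
        if m:
            _hive, name, target, company = m.groups()
            if target.endswith("File not found"):
                findings.append(_finding("orphaned_autostart", line,
                                         f"Run entry '{name}' points to a missing file"))
            elif not company:
                findings.append(_finding("no_publisher_autostart", line,
                                         f"Run entry '{name}' has no publisher info: {target}"))
            continue

        m = DNS_RE.match(line)
        if m:
            # Public resolvers are usually just the ISP's, but they are worth
            # confirming because DNS changes are a common hijack technique.
            public = []
            for ip_str in m.group(1).split():
                try:
                    if not ipaddress.ip_address(ip_str).is_private:
                        public.append(ip_str)
                except ValueError:
                    public.append(ip_str)  # unparseable value: surface it too
            if public:
                findings.append(_finding("public_dns", line,
                                         "DHCP-assigned DNS outside private ranges: " + ", ".join(public)))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            findings.append(_finding("removable_autorun", line,
                                     f"autorun command registered for a mounted volume: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['category']}] {f['reason']}")
```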



#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I am currently reviewing your logs and will post back soon with some instructions. If you have the Extras.txt log, please post that as well.
  • 0

#3
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi mjfin,

We need to run some more scans to get a deeper look at your system.

Step 1: Run RogueKiller.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

Posted Image

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2: Run aswMBR.

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Posted Image

Things I need in your next reply:
  • RogueKiller log
  • aswMBR log

  • 0

#4
mjfin

mjfin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Buddierdl,


Thank you so much for replying to me. I am having another bad day. I am using my wife's laptop to send this because my computer got worse. I went to the RogueKiller link and here is what happened. It looks like you had to go to the English page, so I did. Then instead of reading the fine print, like an idiot, I hit the big green download button. I got an AVG warning to stop or continue and, thinking that it must be OK, I hit continue. I may have forgotten some steps, but I think I then got back to the desktop to see what I downloaded. I had an icon called 7.zip. I thought that it was odd that it wasn't called RogueKiller but I went ahead and opened it. I forget exactly what happened, but I then realized that I did something wrong. I went back to the link and this time read the fine print and realized that I did the wrong thing. I was supposed to hit the mirror or download page button above the green download rectangle. I did that and this time it looked like I got the RogueKiller program to my desktop. I then opened the icon and, wouldn't you know it, AVG gives me the warning again. It said I had "IDP.Trogan.97AC54E5". I told AVG to correct it and after a short while it looked like it did. I then thought I would delete the icon and reload it, but now IE8 doesn't work. It comes up for a second and then disappears. I tried to run advanced system pro and that now stops half way through with an error. I was going to give you another OTL log but OTL doesn't work anymore either. You can't double click an icon to open it anymore. Maybe I could try to repair Windows with the program CD. I am at the point where I think I am going to just get another drive (I need a bigger one anyway) and reload. If you want to continue, I could exchange the new and infected drive back and forth as needed. I was looking forward to learning something through this experience, but if you don't want to I would totally understand.
I guess I did learn something, and that is if AVG gives you a warning, stop what you are doing and get out. Let me know what you would like to do.
Thanks again, Mike
  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Thank you for letting me know what is going on. I am so sorry that my instructions were not more clear. I need to check with my instructor before I can advise you on how to proceed, so please bear with me. I will probably have something for you tomorrow morning. I just wanted to check in now and let you know that I am still with you.
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi mjfin,

Let's run a program to clean up the junk a little and then try RogueKiller again. This time I will give you a direct download link. If you cannot get the internet to work in normal mode, please try Safe Mode with Networking. To get into safe mode, reboot your computer and tap the "F8" key as it boots. The computer will ask you which mode to boot in. Please select "Safe Mode with Networking."

Step 1:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt. Please attach that.

Step 2: Try RogueKiller again. RogueKiller may cause an alert from AVG, but the link below is a correct link. AVG is just giving a false positive, so please tell it to ignore the threat. The file will be named RogueKiller.exe.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

Posted Image

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Things I need in your next reply:
  • adwCleaner log
  • RogueKiller log

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





