Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus or Trojan that my AVG and Norton cannot find [Solved]

Started by Ricky_22 , Jan 03 2013 04:11 PM

  • This topic is locked This topic is locked

#1
Ricky_22
Posted 03 January 2013 - 04:11 PM

Ricky_22

    Member

  • Member
  • PipPipPip
  • 349 posts
This is what it's doing, also at th+-e --e------------------n-----------d------ -----------o-----------------f----- --------t------h---------i---------------------s------- -----------p--------o------------s--------------t------------------------------------ (-------------------------------------------------------------------------------------------------------------------------------------------------------------------)This is so annoying, I have full AVG internet security and also Norton (on 30 day trial) and neither pick up this 'disease' -

It just fills in spaces with either dots or dashes when I try to type, sometimes even before I type, and it dings (audio) frequently - it particularly targets my e-mail (I use incredimail) and the start section when I open it, with just dots and or dashes and audio 'dings' and everything disappears - then I have to figure how to get it back on screen - but it doesn't take long to do it again ................... If you guys can help, I'd be so grateful - :wub:


Here's my OTL which I have just corrected to conform to your directions -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Ricky


OTL logfile created on: 4/01/2013 7:16:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads\You-Tube
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.05% Memory free
4.00 Gb Paging File | 2.63 Gb Available in Paging File | 65.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 625.54 Gb Free Space | 67.15% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Downloads\You-Tube\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe (EasyTech)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Norton Internet Security\Engine\20.1.0.24\wincfi39.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EasyRedirect) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe (EasyTech)
SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (MpKslffcf2105) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31A43B31-2F2A-4038-999D-D590533E4478}\MpKslffcf2105.sys File not found
DRV - (MpKslf19de14c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{333804DA-11C5-4170-A452-FE4B17BCE577}\MpKslf19de14c.sys File not found
DRV - (MpKsl5c9dbdbc) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DC5044D-52C1-4D71-904C-D328480D198A}\MpKsl5c9dbdbc.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130103.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130103.003\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130102.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx86.sys (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1401000.018\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1401000.018\SymEFA.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1401000.018\ccSetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1401000.018\SymDS.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1401000.018\Ironx86.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1401000.018\symnets.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1401000.018\srtspx.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (U2800Vid) -- C:\Windows\System32\drivers\U2800vid.sys (Compro Technology, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...07-D843DD0F4BB7}
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Downloads\You-Tube
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKCU\..\SearchScopes\{6DEA3357-2B99-4EED-936A-ADD045390116}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...game_search_box
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-10-10 13:41:53&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...?q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://au.search.yah...&p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6R7N7T2fgE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/01 16:34:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin: C:\Program Files\MyWebFace_5a\bar\1.bin\NP5aStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/16 00:55:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 20:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files\MyWebFace_5a\bar\1.bin [2012/05/23 10:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/09 17:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/01/04 03:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/01/04 06:48:50 | 000,000,000 | ---D | M]

[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2481032
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: IB Updater = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.550_0\
CHR - Extension: IncrediMail MediaBar 2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj\2.3.16.7_0\
CHR - Extension: Ashampoo US = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.13.20.300_0\
CHR - Extension: New Tab for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: AVG Secure Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.1.0.24\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.1.0.24\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.1.0.24\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/04 06:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/04 06:00:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CF46172-03DE-4731-B3B0-1E305915A139}
[2013/01/04 04:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/01/04 03:41:34 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/01/04 03:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/04 03:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/04 03:40:27 | 000,926,880 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\SymEFA.sys
[2013/01/04 03:40:27 | 000,585,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\srtsp.sys
[2013/01/04 03:40:27 | 000,368,288 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\SymDS.sys
[2013/01/04 03:40:27 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\symnets.sys
[2013/01/04 03:40:27 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\srtspx.sys
[2013/01/04 03:40:27 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\SymELAM.sys
[2013/01/04 03:40:26 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\Ironx86.sys
[2013/01/04 03:40:26 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1401000.018\ccSetx86.sys
[2013/01/04 03:39:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2013/01/04 03:39:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1401000.018
[2013/01/04 03:39:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/01/04 03:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2013/01/04 03:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/04 03:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/04 03:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/01/02 03:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/02 03:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2012/12/29 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E58550-D6B0-4013-AA25-133CB20469BF}
[2012/12/26 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10566215-1643-4E75-98BA-D6C83B34A25B}
[2012/12/25 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31D8AB4E-135C-4CB2-B717-E911815F448C}
[2012/12/24 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687F8AE3-2648-475B-BC8E-01F699AAE412}
[2012/12/21 20:38:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/21 20:38:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/21 20:36:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/21 20:36:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/21 20:36:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/21 20:36:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/21 20:36:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/21 20:36:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/21 20:36:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/21 20:36:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/21 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/21 19:46:59 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/21 19:46:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/21 19:46:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/21 19:46:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/21 19:46:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/21 19:46:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/21 19:46:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/21 19:46:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/21 19:46:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/21 19:46:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/21 19:46:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/21 19:46:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/21 19:46:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/21 19:46:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/21 19:46:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/21 19:41:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/21 19:41:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/19 09:54:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D96D4F52-C55A-4A6D-86D1-0E6CD956A7DC}
[2012/12/09 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/12/08 06:03:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3B77B2FE-62FC-4A0C-B8E1-91251D36AA2A}
[2012/12/07 15:13:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A6C04D60-7981-43EA-825C-049186F819BB}
[2012/12/07 00:43:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1F9C9CDF-8798-43CD-B13D-B94F63029742}
[2012/12/05 14:17:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31F66375-35CA-447F-9344-06458E055828}
[2011/11/22 22:57:22 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Users\Owner\cnmss Canon iP4500 series (Local).dll

========== Files - Modified Within 30 Days ==========

[2013/01/04 06:54:37 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/04 06:54:37 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/04 06:53:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 06:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/04 06:47:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/04 06:47:02 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/04 06:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000UA.job
[2013/01/04 06:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/04 05:37:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000Core.job
[2013/01/04 03:54:11 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401000.018\VT20121114.016
[2013/01/04 03:43:19 | 001,531,805 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401000.018\Cat.DB
[2013/01/04 03:41:34 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/01/04 03:41:34 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/01/04 03:41:34 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/01/02 15:08:00 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/02 03:54:39 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/12/24 08:45:53 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 08:43:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/22 02:38:30 | 000,002,485 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/12/22 02:38:30 | 000,002,191 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/21 23:31:52 | 000,270,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 19:49:05 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/16 22:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/16 22:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/12 10:24:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/12 10:24:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/10 09:57:35 | 000,001,310 | ---- | M] () -- C:\Users\Owner\Documents\cc_20121210_095727.reg
[2012/12/09 22:57:12 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/09 17:29:33 | 000,753,152 | ---- | M] () -- C:\Windows\is-VFVUN.exe
[2012/12/09 17:29:33 | 000,010,498 | ---- | M] () -- C:\Windows\is-VFVUN.msg
[2012/12/09 17:29:33 | 000,000,294 | ---- | M] () -- C:\Windows\is-VFVUN.lst
[2012/12/09 17:28:18 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Protect your email.lnk
[2012/12/09 17:28:18 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2012/12/09 17:28:18 | 000,001,977 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2012/12/06 03:15:54 | 000,003,520 | ---- | M] () -- C:\Windows\System32\EasyRedirect.ini
[2012/12/06 03:15:54 | 000,002,040 | ---- | M] () -- C:\Windows\System32\EasyRedirectOff.ini

========== Files Created - No Company Name ==========

[2013/01/04 03:55:20 | 000,013,946 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\VT20121114.016
[2013/01/04 03:41:39 | 001,531,805 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\Cat.DB
[2013/01/04 03:41:34 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/01/04 03:41:34 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/01/04 03:39:26 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymEFA.inf
[2013/01/04 03:39:26 | 000,002,851 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymDS.inf
[2013/01/04 03:39:26 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymNet.inf
[2013/01/04 03:39:26 | 000,001,387 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\srtspx.inf
[2013/01/04 03:39:26 | 000,001,387 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\srtsp.inf
[2013/01/04 03:39:26 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\symELAM.inf
[2013/01/04 03:39:26 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\ccSetx86.inf
[2013/01/04 03:39:26 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\Iron.inf
[2013/01/04 03:39:08 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymELAM.cat
[2013/01/04 03:39:08 | 000,008,942 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymVTcer.dat
[2013/01/04 03:39:08 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\ccSetx86.cat
[2013/01/04 03:39:08 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymNet.cat
[2013/01/04 03:39:08 | 000,007,599 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymEFA.cat
[2013/01/04 03:39:08 | 000,007,597 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\srtspx.cat
[2013/01/04 03:39:08 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\SymDS.cat
[2013/01/04 03:39:08 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\srtsp.cat
[2013/01/04 03:39:08 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\iron.cat
[2013/01/04 03:39:08 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1401000.018\isolate.ini
[2012/12/10 09:57:31 | 000,001,310 | ---- | C] () -- C:\Users\Owner\Documents\cc_20121210_095727.reg
[2012/12/09 17:29:33 | 000,753,152 | ---- | C] () -- C:\Windows\is-VFVUN.exe
[2012/12/09 17:29:33 | 000,010,498 | ---- | C] () -- C:\Windows\is-VFVUN.msg
[2012/12/09 17:29:33 | 000,000,294 | ---- | C] () -- C:\Windows\is-VFVUN.lst
[2012/12/09 17:28:18 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\Protect your email.lnk
[2012/12/09 17:28:18 | 000,001,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2012/12/09 17:28:18 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2012/12/09 17:28:18 | 000,001,977 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2011/08/13 16:12:41 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/16 01:08:27 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/16 00:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
[2011/05/26 17:06:50 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/05/13 22:47:52 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/05/13 22:47:52 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/03 12:32:28 | 000,139,772 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/04/03 12:32:27 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/16 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2013/01/02 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Applian FLV and Media Player
[2012/10/26 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/11/12 15:07:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/10/12 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/10/10 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVSoftware
[2013/01/04 06:56:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2012/07/09 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CometPlayer
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2010/11/24 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gygan
[2012/06/09 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Icir
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/01 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2012/10/28 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2011/11/12 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RegGenie
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/11/29 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2012/07/06 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2012/10/10 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/06/08 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Umost
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/06/08 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yskyof

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >-------------------------------------
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Edited by Ricky_22, 03 January 2013 - 05:29 PM.

  • 0

Advertisements

#2
Ricky_22
Posted 05 January 2013 - 12:24 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Sorry guys, I feel a little fooloish, but AVG replied to the situation and found it was a keyboard malfunction - a stuck key -

Apologies most sincere


Ricky
  • 0

#3
godawgs
Posted 07 January 2013 - 10:37 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ricky,

You still have malware on your system....not to mention the two antivirus programs you appear to be running.
If you would still like some help, please let me know.
  • 0

#4
Ricky_22
Posted 10 January 2013 - 05:37 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Thank you very much, yes, I would appreciate your help :)




Ricky

Edited by Ricky_22, 10 January 2013 - 05:40 AM.

  • 0

#5
Ricky_22
Posted 10 January 2013 - 05:39 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts

Hi Ricky,

You still have malware on your system....not to mention the two antivirus programs you appear to be running.
If you would still like some help, please let me know.



Thank you very much, yes, I would appreciate your help Posted Image

I have dropped Norton antivirus, I had it on a 30 day trial - I have been with AVG a couple of years and it works well lol -

I have 'super antispyware' free addition which I update and run at least weekly - I run CC - which I also keep up-to-date and Ashampoo Win Optimizer 6 - (they never updated that, and I haven't upgraded to their new version)

My computer does run a little sluggish recently, even after full defrag and scans .............. I don't understand why that is though lol maybe it's the malware that you say I have?


Sincerest regards


Ricky
  • 0

#6
godawgs
Posted 10 January 2013 - 03:54 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

OTL needs to be run from the desktop. I want to remove OTL from the C:\Users\Owner\Downloads\You-Tube folder and download a fresh coy to the desktop and run some scans.


Step-1.

OTL Cleanup

2. Please re-open Posted Image.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove OTL and all logs produced.


Step-2.

IMPORTANT:Change your browser(s) to download any tools to the desktop.

Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"


Step-3.

Posted Image OTL

  • Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)
  • Double click on the Posted Image OTL icon to run it. ( Vista and Windows 7 users: Right click on the OTL icon and click Run as Administrator)
    Make sure all other windows are closed and let it run uninterrupted.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console.
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use SafeList<---Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt will be on the desktop and Extras.Txt will be minimized. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-4

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-5.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
    Choose only one of the following:
  • Click the 32 bits (x86) download link and save the RogueKiller.exe file to the desktop. (For 32bit systems)
  • Click the 64 bits (x64) download link and save the RogueKiller.exe file to the desktop. (For 64bit systems)

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Double click the RogueKiller.exe. file to run the program.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • Do Not delete anything at this point.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The RKreports.txt log
  • 0

#7
Ricky_22
Posted 10 January 2013 - 06:37 PM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
As requested .....

OTL logfile created on: 11/01/2013 7:57:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.19% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 580.25 Gb Free Space | 62.29% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/12/21 19:43:20 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/09 17:27:01 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/09 17:27:01 | 000,268,272 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/12/09 17:27:01 | 000,133,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/12/09 17:27:01 | 000,071,664 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/12/09 17:27:01 | 000,032,680 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MOD - [2010/02/12 10:37:50 | 000,633,696 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll


========== Services (SafeList) ==========

SRV - [2013/01/09 03:22:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31A43B31-2F2A-4038-999D-D590533E4478}\MpKslffcf2105.sys -- (MpKslffcf2105)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{333804DA-11C5-4170-A452-FE4B17BCE577}\MpKslf19de14c.sys -- (MpKslf19de14c)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DC5044D-52C1-4D71-904C-D328480D198A}\MpKsl5c9dbdbc.sys -- (MpKsl5c9dbdbc)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...07-D843DD0F4BB7}
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{6DEA3357-2B99-4EED-936A-ADD045390116}: "URL" = http://www.google.co...Page={startPage}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...game_search_box
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-10-10 13:41:53&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...?q={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://au.search.yah...&p={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6R7N7T2fgE
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/01 16:34:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin: C:\Program Files\MyWebFace_5a\bar\1.bin\NP5aStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 20:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files\MyWebFace_5a\bar\1.bin [2012/05/23 10:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/09 17:29:32 | 000,000,000 | ---D | M]

[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2481032
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: IB Updater = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.550_0\
CHR - Extension: IncrediMail MediaBar 2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj\2.3.16.7_0\
CHR - Extension: Ashampoo US = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.13.20.300_0\
CHR - Extension: New Tab for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: AVG Secure Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 07:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/09 06:09:56 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 06:09:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 06:09:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 06:09:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 06:09:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 06:09:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 06:09:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 06:09:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 06:09:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 06:08:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 06:08:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 06:08:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 06:08:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 06:08:36 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 06:08:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 06:08:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 06:08:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 06:08:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 06:08:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 06:08:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 06:08:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 06:08:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 06:08:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 06:08:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 06:08:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 06:07:57 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 06:07:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/04 06:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/04 06:00:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CF46172-03DE-4731-B3B0-1E305915A139}
[2013/01/04 04:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/01/04 03:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/01/04 03:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/02 03:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/02 03:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2012/12/29 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E58550-D6B0-4013-AA25-133CB20469BF}
[2012/12/26 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10566215-1643-4E75-98BA-D6C83B34A25B}
[2012/12/25 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31D8AB4E-135C-4CB2-B717-E911815F448C}
[2012/12/24 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687F8AE3-2648-475B-BC8E-01F699AAE412}
[2012/12/21 20:38:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/21 20:38:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/21 20:36:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/21 20:36:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/21 20:36:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/21 20:36:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/21 20:36:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/21 20:36:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/21 20:36:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/21 20:36:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/21 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/21 19:41:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/21 19:41:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/19 09:54:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D96D4F52-C55A-4A6D-86D1-0E6CD956A7DC}
[2011/11/22 22:57:22 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Users\Owner\cnmss Canon iP4500 series (Local).dll

========== Files - Modified Within 30 Days ==========

[2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/11 07:52:25 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 07:52:25 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 07:48:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 07:45:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 07:44:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/11 07:44:35 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/11 07:42:26 | 000,007,235 | ---- | M] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/11 07:37:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000UA.job
[2013/01/11 07:31:43 | 000,001,968 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4500 series.lnk
[2013/01/11 07:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 05:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000Core.job
[2013/01/09 07:41:39 | 000,270,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 07:23:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 07:23:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/09 03:22:18 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 03:22:18 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/07 11:37:16 | 000,003,520 | ---- | M] () -- C:\Windows\System32\EasyRedirect.ini
[2013/01/07 11:37:16 | 000,002,040 | ---- | M] () -- C:\Windows\System32\EasyRedirectOff.ini
[2013/01/06 00:31:46 | 000,010,312 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/05 21:07:47 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/04 18:28:22 | 000,002,544 | ---- | M] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:42 | 000,002,608 | ---- | M] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:45 | 000,002,488 | ---- | M] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2013/01/02 03:54:39 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/12/24 08:45:53 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 08:43:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/22 02:38:30 | 000,002,485 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/12/22 02:38:30 | 000,002,191 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/21 19:49:05 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/16 22:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/16 22:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

========== Files Created - No Company Name ==========

[2013/01/11 07:42:26 | 000,007,235 | ---- | C] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/11 07:31:43 | 000,001,968 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4500 series.lnk
[2013/01/06 00:31:43 | 000,010,312 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/04 18:28:20 | 000,002,544 | ---- | C] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:41 | 000,002,608 | ---- | C] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:42 | 000,002,488 | ---- | C] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2012/12/09 17:29:33 | 000,753,152 | ---- | C] () -- C:\Windows\is-VFVUN.exe
[2011/08/13 16:12:41 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/16 01:08:27 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/16 00:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
[2011/05/26 17:06:50 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/05/13 22:47:52 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/05/13 22:47:52 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/03 12:32:28 | 000,139,772 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/04/03 12:32:27 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011/07/16 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2013/01/02 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Applian FLV and Media Player
[2012/10/26 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/11/12 15:07:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/10/12 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/10/10 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVSoftware
[2013/01/11 00:57:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2012/07/09 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CometPlayer
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2010/11/24 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gygan
[2012/06/09 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Icir
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/01 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2012/10/28 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2011/11/12 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RegGenie
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/11/29 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2012/07/06 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2012/10/10 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/06/08 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Umost
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/06/08 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yskyof

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


OTL Extras logfile created on: 11/01/2013 7:57:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.19% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 580.25 Gb Free Space | 62.29% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032F8443-A3F9-401F-BBAE-338E20F842D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{04B3EB28-11B7-4215-BB5E-D39588C89659}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F356C19-83A1-419E-A9E4-0517CC6F88F5}" = lport=8744 | protocol=6 | dir=in | name=bitcomet 8744 tcp |
"{2C6936AC-4565-4A67-AA66-5346F7BADA0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{33D59C28-6226-4071-9E97-0D2633FFB3A6}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{350B020C-8910-4F57-B51E-2E582F3EB0A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{3897C1BE-1643-4A4F-ACED-B93F77ADA0E6}" = lport=8744 | protocol=17 | dir=in | name=bitcomet 8744 udp |
"{3947569E-68A8-4868-8D4D-B5964C378125}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FA1515F-E310-4BA2-9BC9-A2E377CBFBBE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4538C2A6-D881-47CD-863D-75A5B96F82BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B6380A4-752A-44D3-A1F0-73CE7DC6EF01}" = lport=139 | protocol=6 | dir=in | app=system |
"{50230824-DB16-4B71-A099-6BEB8F2EC5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BD865F1-0C01-48A3-A9DA-89DE0A038B45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62073BA1-0C00-4122-9D03-ABF0B54D7A5F}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{72059D5C-C5BA-4915-98DB-71C9481541D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8086BBD2-5AF8-408A-8BF9-2EA0BBA6C355}" = rport=138 | protocol=17 | dir=out | app=system |
"{8637308F-40C9-4940-93C7-9FC700B57751}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95EF5F9C-CEE0-45FB-8C75-9BFC2BD42257}" = lport=15081 | protocol=6 | dir=in | name=bitcomet 15081 tcp |
"{9DF04B0F-EC21-4AFB-8554-99B3628AEA72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E350EBE-8C71-4260-B465-8AA7B1C1BE54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A17124E6-E733-4503-A5F3-D4ED57512D39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ABF1C57A-63CA-4E07-9C94-A5C3758A5F28}" = lport=15081 | protocol=17 | dir=in | name=bitcomet 15081 udp |
"{B5F73457-84E8-4D78-8C8F-8B760D5D33EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA839CBD-CCA5-4D88-88A5-B37F2A23F7E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4910CAD-785A-4ED9-ACD4-E995870D7454}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC828AFD-259E-40D6-AB95-2C12DBB439BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7A0A12C-C6BC-45A3-8E4E-8956061C3832}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6820251-A8B4-4AF7-BA8A-0183B475E4EC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F96BA2C1-2392-4B13-A70B-F918F25E4C14}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1041A4E1-2551-4729-8CBA-220C2AAB99B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{17254EA3-A281-49AA-AF22-5113C1244E51}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{2DE04B44-02E2-4C25-986D-B0CC56B7E521}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{33912DE8-4960-4B5F-A617-AF95A2F1B025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35445E76-3D73-4386-AFB6-9817F9DA58A3}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{3DEBBB95-067F-48C7-8FF4-D022BEA89FDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4372EBAF-776F-4A75-93C3-02F3EC8D99D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53E1C420-7FCD-4030-9C7C-B1D02F076A3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62929EB5-C1BA-4DF7-B83B-8937E983A7DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{641C6846-6B85-4D97-AA94-767D488977AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{643E3C36-F5CE-443F-B3A4-58117513B92A}" = protocol=58 | dir=in | [email protected],-28545 |
"{762F14D4-5324-4549-8326-17DCEE6ED3D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{769FDD06-D848-4242-B72C-A8000E120EE3}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{77A596CD-8690-4CA8-B66C-BF42EB32E05F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79EC946D-3858-44EE-8C12-DFFAE8FD9804}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{82C9A4F3-43F8-40BA-8760-239EC9F9115E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{89BC8FAB-09DD-4FFE-866D-72131E74A560}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{90019F24-C9B5-4388-9651-3C5E87EF00A4}" = protocol=6 | dir=out | app=system |
"{933C9B84-A0A4-4675-9B8F-4B9C601989C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99480236-FD3F-4E9D-83D2-8EDC417EFEDE}" = protocol=58 | dir=out | [email protected],-28546 |
"{9A05E165-EE2F-4FCE-9193-B8617DBB414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A756FEA1-C7B8-4AFC-885F-F1BE5C75B703}" = protocol=1 | dir=in | [email protected],-28543 |
"{AD5F7EFD-4D77-4E27-86CD-FCF2BBA11CAA}" = protocol=1 | dir=out | [email protected],-28544 |
"{AE329D1F-A6CB-45A2-8BEB-5A1339A9C6B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF14C0A4-A173-4572-B7A7-ED4EF2447CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B348F0E3-EE0F-4BC4-B0E0-3FECEC8D389C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BFD1A195-22BF-4B0B-B661-E27FD70117B7}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"{D16EEC80-44CC-434C-8D87-FFF3EE78BC95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DDB62523-B584-418A-9C84-368BE1371FED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{DE38BE8F-47C8-49E6-81D2-4893C99909E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ECF59543-6B4D-472B-914B-0CC2D7CC6362}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EE573F82-ACA4-43DE-907E-1DC0D4C20E9A}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat 4.0\reader\acrord32.exe |
"TCP Query User{294FD7B7-0BF1-4804-9B8C-44AC4E0A5450}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{38B99604-D6CB-4B7D-99A4-51542332812F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4E15E34B-E5EC-4150-B0DC-D65B15D7062A}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=6 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |
"TCP Query User{5014267F-1F40-4238-A151-E7602A2CC8DE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{71B74D62-CF57-4401-AC2A-3771989983DE}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=6 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |
"TCP Query User{CA9A4F34-A3DA-4B21-9711-668DFA4EC684}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{F3CC5B42-6E6B-49A3-914B-D179937AF2E9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0556D590-2A24-4CE5-A64E-46E99F078885}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{137FBEB4-7013-479D-80C2-F46CB1BA5A5F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{19DAD353-AADD-497C-8F74-3AEDA59DD4B0}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=17 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |
"UDP Query User{37E5B782-25D5-4300-8624-E97133703540}C:\program files\easy-hide-ip\easy-hide-ip.exe" = protocol=17 | dir=in | app=c:\program files\easy-hide-ip\easy-hide-ip.exe |
"UDP Query User{737DF6AA-62AF-4A2C-B52C-F7B4411F4C43}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7671F4C5-695A-4145-BCB1-52949077980D}C:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{ADF24EAF-10B0-48CA-88AB-6750AEC117B6}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{27C0CED3-E9FA-4EA0-96AA-FAECE5F81033}" = Nero 7 Essentials
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F5CC15D-BA72-431B-A676-0FE5F2513178}" = AVG 2013
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = PC DVR-4-Net
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-8-5-7 (All Users)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.09
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"BitComet" = BitComet 1.30
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"DVD Flick_is1" = DVD Flick 1.3.0.7
"E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Easy-Hide-IP_is1" = Easy-Hide-IP 5.0.0.3
"FLV Player" = FLV Player 2.0 (build 25)
"GoPDFReader" = Go PDF Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ImgBurn" = ImgBurn
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MpcStar" = MpcStar 5.3
"Speccy" = Speccy
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2011 12:49:09 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 14/09/2011 12:49:09 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 14/09/2011 12:49:09 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 14/09/2011 12:49:10 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 14/09/2011 12:49:10 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/09/2011 12:49:11 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/09/2011 12:49:14 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/09/2011 12:49:14 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 14/09/2011 12:49:14 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 14/09/2011 12:49:14 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7010
Description =

[ Media Center Events ]
Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
0x8007064a for more information.

Error - 2/02/2010 3:57:34 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner . See ErrorCode
0x8007064a for more information.

Error - 2/02/2010 3:57:37 AM | Computer Name = Owner-PC | Source = ehRecvr | ID = 4
Description = Media Center is unable to communicate with the TV tuner PCDVR3101_3104
Tuner. See ErrorCode 0x80004005 for more information.

[ System Events ]
Error - 10/01/2013 7:00:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 10/01/2013 7:00:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/01/2013 7:02:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 10/01/2013 7:02:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/01/2013 7:42:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/01/2013 7:44:01 PM | Computer Name = Owner-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/01/2013 7:44:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/01/2013 7:45:01 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The InCD Helper service terminated with service-specific error %%1.

Error - 10/01/2013 7:45:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/01/2013 7:45:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-11 08:16:03
-----------------------------
08:16:03.326 OS Version: Windows 6.1.7601 Service Pack 1
08:16:03.326 Number of processors: 2 586 0x170A
08:16:03.327 ComputerName: OWNER-PC UserName: Owner
08:16:05.674 Initialize success
08:16:44.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:16:44.393 Disk 0 Vendor: WDC_WD10EADS-00M2B0 01.00A01 Size: 953868MB BusType: 3
08:16:44.471 Disk 0 MBR read successfully
08:16:44.472 Disk 0 MBR scan
08:16:44.473 Disk 0 Windows 7 default MBR code
08:16:44.480 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953866 MB offset 2048
08:16:44.483 Disk 0 scanning sectors +1953519616
08:16:44.669 Disk 0 scanning C:\Windows\system32\drivers
08:16:50.233 Service scanning
08:16:59.139 Modules scanning
08:17:02.553 Disk 0 trace - called modules:
08:17:02.582 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys
08:17:02.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8602d7b8]
08:17:02.586 3 CLASSPNP.SYS[895aa59e] -> nt!IofCallDriver -> [0x85b7ac30]
08:17:02.589 5 ACPI.sys[88eaa3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852b1610]
08:17:02.592 Scan finished successfully
08:17:40.087 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
08:17:40.090 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/11/2013 08:34:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:4021) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01112013_02d0834.txt >>
RKreport[1]_S_01112013_02d0834.txt



Hope that's all okay, I done my best LOL

Many thank yous


Ricky


  • 0

#8
godawgs
Posted 11 January 2013 - 11:02 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Ricky_22, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

Please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

In your previous post you stated:

it particularly targets my e-mail (I use incredimail)

Unfortunately, that's part of the problem

I have dropped Norton antivirus, I had it on a 30 day trial - I have been with AVG a couple of years and it works well lol -

Acknowledged. You should never have more than one antivirus installed and running on the computer at the same time.
Question: Are you running the AVG Firewall?

I run CC - which I also keep up-to-date and Ashampoo Win Optimizer 6 - (they never updated that, and I haven't upgraded to their new version)

I noticed that.

Registry Cleaning Tools

CCleaner is a fine program, but please do not use the registry cleaner in this tool or the Ashampoo program. And for that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

You have the following Peer-to-Peer program(s) installed:

BitComet

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.

NOTE: There are a few things to do here. I would recommend that you print these instructions or save them to a text file before beginning. That way you will have them handy.
IF you have any questions, STOP and ASK before proceeding.


Step-1.

Malicious program uninstalls and Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

BitComet 1.30
IncrediMail 2.0
IncrediMail MediaBar 2 Toolbar

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\BitComet
C:\Users\Owner\AppData\Roaming\BitComet
C:\Program Files\IncrediMail
C:\Program Files\IncrediMail_MediaBar_2

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2012/12/09 17:27:01 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
MOD - [2012/12/09 17:27:01 | 000,268,272 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/12/09 17:27:01 | 000,133,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/12/09 17:27:01 | 000,071,664 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/12/09 17:27:01 | 000,032,680 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
SRV - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31A43B31-2F2A-4038-999D-D590533E4478}\MpKslffcf2105.sys -- (MpKslffcf2105)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{333804DA-11C5-4170-A452-FE4B17BCE577}\MpKslf19de14c.sys -- (MpKslf19de14c)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DC5044D-52C1-4D71-904C-D328480D198A}\MpKsl5c9dbdbc.sys -- (MpKsl5c9dbdbc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...7-D843DD0F4BB7}
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...game_search_box
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6R7N7T2fgE
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021
FF - HKLM\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin: C:\Program Files\MyWebFace_5a\bar\1.bin\NP5aStub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files\MyWebFace_5a\bar\1.bin [2012/05/23 10:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/09 17:29:32 | 000,000,000 | ---D | M]
[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:FILES
ipconfig /flushdns /c
C:\Program Files\MyWebFace_5a
C:\Program Files\Web Assistant
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Step-A.
Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • The Home button should now be displayed in Chrome's address bar, along with an added option directly below the Show
    Home button setting. The default behavior of the Home button is to load Chrome's New Tab page.
  • To specify a particular URL as your home page, click on the Change link (circled in the image below).

    Posted Image

    The Home page dialog should now be displayed, as shown in the image below.

    Posted Image
  • First, click on the radio button beside Open this page:
  • Next, enter the desired URL of your new home page, like http://www.google.com/.
  • Finally, once you are satisfied with your new setting, click on the OK button.
Step-B.
Remove a Search engine

  • Click the tools menu icon Posted Image
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
    • Remove a search engine: Select anything with Conduit or Search Conduit in the search engine and click the x that appears at the end of the row.
  • Close the browser

Step-4.

There are some files I need scanned.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    • C:\Windows\System32\tzres.dll
      C:\Windows\is-VFVUN.exe
      C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
      C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
      C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about the AVG firewall.
2. Let me know which programs you uninstalled
3. The OTL fixes log
4. The new OTL.txt log
5. The VirusTotal results or URL links
6. How is the computer running?
  • 0

#9
Ricky_22
Posted 12 January 2013 - 05:29 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Godawgs, if I delete 'incredimail' will I loose all my mails that are presently there? those that are in my saved folder and those that are in the deleted items but not yet actually deleted!. Many of these I keep for references - and contain software/program purchase codes etc:



Ricky
  • 0

#10
godawgs
Posted 12 January 2013 - 12:42 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK. That's your call. I will redo the instructions omitting Incredimail and re-post them. They were included because the files are part of Conduit. The Incredimail toolbar is reported to have spyware, adware and trackware. And those are known functions of Conduit.

I will be back shortly.
  • 0

Advertisements

#11
godawgs
Posted 12 January 2013 - 01:14 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Question: Are you running the AVG Firewall?


You have the following Peer-to-Peer program(s) installed:

BitComet

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.

NOTE: There are a few things to do here. I would recommend that you print these instructions or save them to a text file before beginning. That way you will have them handy.
IF you have any questions, STOP and ASK before proceeding.


Step-1.

Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

BitComet 1.30

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\BitComet
C:\Users\Owner\AppData\Roaming\BitComet

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
SRV - [2012/11/20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31A43B31-2F2A-4038-999D-D590533E4478}\MpKslffcf2105.sys -- (MpKslffcf2105)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{333804DA-11C5-4170-A452-FE4B17BCE577}\MpKslf19de14c.sys -- (MpKslf19de14c)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DC5044D-52C1-4D71-904C-D328480D198A}\MpKsl5c9dbdbc.sys -- (MpKsl5c9dbdbc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...7-D843DD0F4BB7}
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021
FF - HKLM\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin: C:\Program Files\MyWebFace_5a\bar\1.bin\NP5aStub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com: C:\Program Files\MyWebFace_5a\bar\1.bin [2012/05/23 10:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/12/09 17:29:32 | 000,000,000 | ---D | M]
[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} - No CLSID value found.
O3 - HKU\S-1-5-21-754179056-1382982999-2036298953-1000\..\Toolbar\WebBrowser: (no name) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:FILES
ipconfig /flushdns /c
C:\Program Files\MyWebFace_5a
C:\Program Files\Web Assistant
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Step-A.
Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • The Home button should now be displayed in Chrome's address bar, along with an added option directly below the Show
    Home button setting. The default behavior of the Home button is to load Chrome's New Tab page.
  • To specify a particular URL as your home page, click on the Change link (circled in the image below).

    Posted Image

    The Home page dialog should now be displayed, as shown in the image below.

    Posted Image
  • First, click on the radio button beside Open this page:
  • Next, enter the desired URL of your new home page, like http://www.google.com/.
  • Finally, once you are satisfied with your new setting, click on the OK button.
Step-B.
Remove a Search engine

  • Click the tools menu icon Posted Image
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
    • Remove a search engine: Select anything with Conduit or Search Conduit in the search engine and click the x that appears at the end of the row.
  • Close the browser

Step-4.

There are some files I need scanned.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    • C:\Windows\System32\tzres.dll
      C:\Windows\is-VFVUN.exe
      C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
      C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
      C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about the AVG firewall.
2. The OTL fixes log
3. The new OTL.txt log
4. The VirusTotal results or URL links
5. How is the computer running?
  • 0

#12
Ricky_22
Posted 13 January 2013 - 07:12 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
1) - yes

2a) -
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process ExtensionUpdaterService.exe killed successfully!
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
Service MpKslffcf2105 stopped successfully!
Service MpKslffcf2105 deleted successfully!
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31A43B31-2F2A-4038-999D-D590533E4478}\MpKslffcf2105.sys not found.
Service MpKslf19de14c stopped successfully!
Service MpKslf19de14c deleted successfully!
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{333804DA-11C5-4170-A452-FE4B17BCE577}\MpKslf19de14c.sys not found.
Service MpKsl5c9dbdbc stopped successfully!
Service MpKsl5c9dbdbc deleted successfully!
File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DC5044D-52C1-4D71-904C-D328480D198A}\MpKsl5c9dbdbc.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8040829d-1177-46e2-9157-8282438b79c7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8040829d-1177-46e2-9157-8282438b79c7}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f24df03f-d7f1-40b8-a63a-9d2be4908f39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f24df03f-d7f1-40b8-a63a-9d2be4908f39}\ not found.
Registry key HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry key HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MyWebFace_5a.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5affxtbr@MyWebFace_5a.com deleted successfully.
C:\Program Files\MyWebFace_5a\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\MyWebFace_5a\bar\1.bin\chrome folder moved successfully.
C:\Program Files\MyWebFace_5a\bar\1.bin folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
File move failed. \searchplugins\MyStart Search.xml scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32bfba07-b1fc-4764-bc21-4af8c6188ca5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32bfba07-b1fc-4764-bc21-4af8c6188ca5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{124D001A-BDCB-472F-AA59-BBE7E4BC3204} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32BFBA07-B1FC-4764-BC21-4AF8C6188CA5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32BFBA07-B1FC-4764-BC21-4AF8C6188CA5}\ not found.
Registry value HKEY_USERS\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
C:\Program Files\MyWebFace_5a\bar\Settings folder moved successfully.
C:\Program Files\MyWebFace_5a\bar\Message folder moved successfully.
C:\Program Files\MyWebFace_5a\bar\IE9Mesg folder moved successfully.
C:\Program Files\MyWebFace_5a\bar\gen1 folder moved successfully.
C:\Program Files\MyWebFace_5a\bar folder moved successfully.
C:\Program Files\MyWebFace_5a folder moved successfully.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D}\5F7EB07F020E1BAB55EBEC0C70BCEBA9 folder moved successfully.
C:\ProgramData\Norton\{B7B64E4E-97E8-48AA-AF62-F11B5FF9819D} folder moved successfully.
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton\LocalDumps folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c\00000666 folder moved successfully.
C:\ProgramData\Norton\00000082\0000012c folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-05-00h06m17s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-23h46m42s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h59m21s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h59m19s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h59m05s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h58m50s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h58m27s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h58m11s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h57m26s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h56m59s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h56m38s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h56m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h55m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h55m43s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h55m25s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h55m10s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h54m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h54m36s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h54m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h54m02s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h53m39s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h53m19s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h52m55s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h52m35s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h52m12s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h51m55s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h51m35s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h51m14s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m57s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m46s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m45s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m43s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m42s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m41s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m39s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m38s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m35s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m34s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m33s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m31s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m30s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m28s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m27s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m24s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m23s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m22s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m21s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m18s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m16s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m15s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m14s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m12s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m10s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m08s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m05s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m04s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m03s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h50m02s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m59s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m57s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m56s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m52s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m50s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m46s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m45s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m43s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m42s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m39s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m38s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m36s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m34s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m33s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m30s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m29s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h49m23s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-20h45m06s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-07h10m25s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-04h46m29s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-03h55m43s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-03h54m14s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-03h44m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-01-04-03h38m17s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
File\Folder C:\Program Files\Web Assistant\ExtensionUpdaterService.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 4632465 bytes
->Temporary Internet Files folder emptied: 202218683 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 21782282 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2637652 bytes
RecycleBin emptied: 52814416 bytes

Total Files Cleaned = 271.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01132013_195514

Files\Folders moved on Reboot...
File move failed. \searchplugins\MyStart Search.xml scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W8FBL1E9\ifr[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W8FBL1E9\ifr[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W8FBL1E9\ig[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\EasyRedirect.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2b) - OTL logfile created on: 13/01/2013 8:22:54 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.55% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 67.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 656.44 Gb Free Space | 70.47% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/01/09 03:22:17 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/21 19:43:20 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/12 10:37:50 | 000,633,696 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll


========== Services (SafeList) ==========

SRV - [2013/01/09 03:22:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2013/01/11 08:32:09 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6DEA3357-2B99-4EED-936A-ADD045390116}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incre...game_search_box
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-10-10 13:41:53&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://au.search.yah...&p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6R7N7T2fgE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/01 16:34:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 20:41:52 | 000,000,000 | ---D | M]

[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2481032
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: IB Updater = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.550_0\
CHR - Extension: IncrediMail MediaBar 2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj\2.3.16.7_0\
CHR - Extension: Ashampoo US = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec\10.13.20.300_0\
CHR - Extension: New Tab for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: AVG Secure Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/13 19:55:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/11 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{593CA4D9-2A4A-4B38-B32D-099256A334FA}
[2013/01/11 08:24:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/01/11 08:14:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/04 06:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/04 06:00:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CF46172-03DE-4731-B3B0-1E305915A139}
[2013/01/04 04:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/01/02 03:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/02 03:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2012/12/29 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E58550-D6B0-4013-AA25-133CB20469BF}
[2012/12/26 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10566215-1643-4E75-98BA-D6C83B34A25B}
[2012/12/25 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31D8AB4E-135C-4CB2-B717-E911815F448C}
[2012/12/24 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687F8AE3-2648-475B-BC8E-01F699AAE412}
[2012/12/21 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/19 09:54:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D96D4F52-C55A-4A6D-86D1-0E6CD956A7DC}
[2011/11/22 22:57:22 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Users\Owner\cnmss Canon iP4500 series (Local).dll

========== Files - Modified Within 30 Days ==========

[2013/01/13 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 20:08:14 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:08:14 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:01:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 20:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 20:00:25 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/13 19:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 19:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000UA.job
[2013/01/12 18:57:27 | 000,001,968 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4500 series.lnk
[2013/01/12 18:15:45 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000Core.job
[2013/01/11 22:53:31 | 000,002,368 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 22:53:31 | 000,002,366 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/01/11 16:07:20 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/11 09:04:38 | 000,000,718 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:32:09 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/11 08:31:44 | 000,764,416 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller (1).exe
[2013/01/11 08:27:40 | 000,764,416 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe.63kuqyi.partial
[2013/01/11 08:17:40 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 08:14:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/11 07:42:26 | 000,007,235 | ---- | M] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/09 07:41:39 | 000,270,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 07:23:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 07:23:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 11:37:16 | 000,003,520 | ---- | M] () -- C:\Windows\System32\EasyRedirect.ini
[2013/01/07 11:37:16 | 000,002,040 | ---- | M] () -- C:\Windows\System32\EasyRedirectOff.ini
[2013/01/06 00:31:46 | 000,010,312 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/05 21:07:47 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/04 18:28:22 | 000,002,544 | ---- | M] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:42 | 000,002,608 | ---- | M] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:45 | 000,002,488 | ---- | M] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2013/01/02 03:54:39 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/12/24 08:45:53 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 08:43:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/21 19:49:05 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

========== Files Created - No Company Name ==========

[2013/01/11 09:04:33 | 000,000,718 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:32:09 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/11 08:31:44 | 000,764,416 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller (1).exe
[2013/01/11 08:27:39 | 000,764,416 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe.63kuqyi.partial
[2013/01/11 08:17:40 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 07:42:26 | 000,007,235 | ---- | C] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/11 07:31:43 | 000,001,968 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4500 series.lnk
[2013/01/06 00:31:43 | 000,010,312 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/04 18:28:20 | 000,002,544 | ---- | C] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:41 | 000,002,608 | ---- | C] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:42 | 000,002,488 | ---- | C] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2012/12/09 17:29:33 | 000,753,152 | ---- | C] () -- C:\Windows\is-VFVUN.exe
[2011/08/13 16:12:41 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/16 01:08:27 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/16 00:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
[2011/05/26 17:06:50 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/05/13 22:47:52 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/05/13 22:47:52 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/03 12:32:28 | 000,139,772 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/04/03 12:32:27 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/16 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2013/01/13 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Applian FLV and Media Player
[2012/10/26 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/11/12 15:07:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/10/12 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/10/10 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVSoftware
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2012/07/09 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CometPlayer
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2010/11/24 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gygan
[2012/06/09 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Icir
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/01 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2012/10/28 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2011/11/12 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RegGenie
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/11/29 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2012/07/06 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2012/10/10 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/06/08 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Umost
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/06/08 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yskyof

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


3) - Step A & B completed.

4) - https://www.virustot...sis/1358081825/

https://www.virustot...sis/1358082095/

https://www.virustot...sis/1358082212/

https://www.virustot...sis/1358082305/

https://www.virustot...sis/1358082407/


5)
Wow at this time quite smoothly - I did also remove the Incredimail Tool Bar.



Ricky ......




  • 0

#13
godawgs
Posted 13 January 2013 - 12:49 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the update. :) The search.conduit entries are still showing in the Chrome homepage and default search engine.

NOTE: Please delete the following files from the desktop:

RogueKiller (1).exe
RogueKiller.exe.63kuqyi.partial

THEN download the following tools to the desktop and close the browser before running them.

Step-1.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32 bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better, the Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • Do Not delete anything at this time.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-2.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • Right click the adwcleaner.exe file and click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreport.txt log
2. The AdwCleaner[R1].txt log
  • 0

#14
Ricky_22
Posted 13 January 2013 - 02:25 PM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/11/2013 08:34:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:4021) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01112013_02d0834.txt >>
RKreport[1]_S_01112013_02d0834.txt





RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/14/2013 03:54:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost





¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_01142013_02d0354.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt




# AdwCleaner v2.105 - Logfile created 01/14/2013 at 04:18:45
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Perion
Folder Found : C:\Program Files\YouTube Downloader Toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Owner\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKCU\Software\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2481032
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Web Assistant
Key Found : HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Found : HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-754179056-1382982999-2036298953-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48", "hxxp://start.roboform.com", "hxxp://mystart.incredimail.com/mb156?a=6R7N7T2fgE" ]
Found [l.2035] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48", "hxxp://start.roboform.com", "hxxp://mystart.incredimail.com/mb156?a=6R7N7T2fgE" ]

*************************

AdwCleaner[R1].txt - [10325 octets] - [14/01/2013 04:18:45]

########## EOF - C:\AdwCleaner[R1].txt - [10386 octets] ##########




Ricky


  • 0

#15
godawgs
Posted 14 January 2013 - 12:07 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

5)
Wow at this time quite smoothly - I did also remove the Incredimail Tool Bar.

That's what we like to hear and thanks for the update.


Step-1.

Run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click the Registry tab and remove the checkmark beside this line:
    • [STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> FOUND
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
  • Next, click the ProxyFix button
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files with the date you ran the scan and deletions located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-2.

There are a lot of residual entries from nasty toolbars. The AdwCleaner program will remove them, but it will also remove everything it found during the Scan. If you want to keep the toolbars like Ask and the AVG secure search and AVG Security Toolbar and the YouTube Downloader toolbar, you will need to reinstall them.

Re-run AdwCleaner Fix

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click The adwcleaner.exe file and click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.

    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-3.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Right click on the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreports.txt logs
2. The AdwCleaner[S1].txt log
3. The MalwareBytes log
4. The ESET Scan.txt log (IF it found anything)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP