
I can't go anywhere [Solved]


  • This topic is locked

#16
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I had a DHCP default gateway and nameserver of 172.26.38.1 which turns out to be a non-existent domain.


Comes up as wireless-rtr.stanford.edu

Does that mean anything to you?

Now

There is a remnant of VIPRE Antivirus running on your computer. Let's see if this utility will help you remove it. If it doesn't show up, move on to the ComboFix script below:

Download AppRemover and run it.

Click Next >>

Ensure Remove Security Application is selected and click Next >>

AppRemover will scan all the security applications on your PC

Select Any [<<Application Name>> entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


If you haven't found VIPRE using the AppRemover tool above, run this CF fix and post the log back here. If you did find and remove it, then come back and tell me.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
gfibto

File::
c:\windows\system32\drivers\gfibto.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.


#17
chaknik


    Member

  • Topic Starter
  • 30 posts
I don't have a clue what the 172.26.38.1 ...stanford.edu refers to, never heard of it. I didn't find VIPRE in the first scan. Windows Defender was the only entry. Ran the ComboFix with the added script, results here:

ComboFix 13-02-26.01 - FREDA 02/26/2013 21:22:42.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2731 [GMT -6:00]
Running from: c:\documents and settings\FREDA\Desktop\Geeks2Go\ComboFix.exe
Command switches used :: c:\documents and settings\FREDA\Desktop\Geeks2Go\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\gfibto.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\gfibto.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GFIBTO
-------\Service_gfibto
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 02:56 . 2013-02-27 02:56 -------- d-----w- c:\program files\Conduit
2013-02-27 02:56 . 2013-02-27 03:12 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\OPSWAT
2013-02-27 02:56 . 2013-02-27 02:56 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Conduit
2013-02-27 02:56 . 2013-02-27 02:56 -------- d-----w- c:\program files\OPSWAT
2013-02-27 02:56 . 2013-02-27 02:56 -------- d-----w- c:\program files\opswatutilities
2013-02-27 01:14 . 2013-02-27 01:22 -------- d-----w- c:\documents and settings\FREDA\Application Data\WTouch
2013-02-27 01:12 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-02-27 01:12 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-02-26 06:02 . 2009-01-09 22:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2013-02-26 06:02 . 2013-02-26 06:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AdminHelper
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\LG Electronics
2013-02-26 04:36 . 2013-02-26 04:36 -------- d-----w- C:\_OTL
2013-02-25 22:04 . 2013-02-25 22:04 -------- d-----w- c:\documents and settings\FREDA\Application Data\TuneUp Software
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\FREDA\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 17:44 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-23 23:14 . 2013-02-23 23:36 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Anvil Studio
2013-02-23 23:03 . 2013-02-23 23:03 -------- d-----w- c:\program files\Anvil Studio 2012
2013-02-23 03:50 . 2013-02-23 03:50 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\attcm_AppStart
2013-02-22 23:50 . 2013-02-22 23:50 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-20 22:22 . 2013-02-20 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2013-02-20 22:20 . 2013-02-26 05:06 -------- d-----w- c:\documents and settings\FREDA\Application Data\LavasoftStatistics
2013-02-20 21:58 . 2013-02-20 21:58 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\adawarebp
2013-02-20 21:58 . 2013-02-26 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-02-20 21:57 . 2013-02-20 21:57 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-20 21:57 . 2013-02-26 05:06 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-02-20 21:55 . 2013-02-20 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-02-20 21:52 . 2013-02-20 21:52 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-02-20 21:52 . 2013-02-21 22:45 -------- d-----w- c:\documents and settings\FREDA\Application Data\Ad-Aware Antivirus
2013-02-20 19:21 . 2013-02-20 19:21 120 ----a-w- C:\aaw7boot.cmd
2013-02-15 19:43 . 2013-02-15 19:43 -------- d-----w- c:\windows\system32\{userdocs}
2013-02-14 15:03 . 2013-02-14 15:03 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Sun
2013-02-10 21:44 . 2013-02-10 21:44 -------- d-----w- c:\program files\Common Files\Java
2013-02-10 21:44 . 2013-02-10 21:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 22:17 . 2013-02-08 22:17 -------- dc-h--w- c:\windows\ie8
2013-02-08 22:03 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-08 13:58 . 2013-02-08 13:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-07 23:11 . 2013-02-07 23:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-02-07 20:20 . 2013-02-07 20:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-02-07 20:18 . 2013-02-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2013-01-31 02:52 . 2013-01-31 02:52 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-01-31 02:52 . 2013-01-31 02:52 773968 ----a-w- c:\windows\system32\msvcr100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 21:43 . 2012-07-23 18:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-10 21:43 . 2012-07-23 18:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-10 21:43 . 2010-05-12 11:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-10 03:48 . 2012-06-09 15:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:48 . 2011-05-26 23:52 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 16:06 . 2013-01-20 17:49 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-12-18 16:06 . 2012-12-18 16:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 16:06 . 2012-12-18 16:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 16:06 . 2012-12-18 16:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 16:06 . 2012-12-18 16:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-12-18 16:06 . 2012-12-18 16:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-12-18 16:06 . 2012-12-18 16:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-12-18 16:06 . 2012-12-18 16:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-12-18 16:06 . 2012-12-18 16:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-12-18 16:06 . 2012-12-18 16:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-12-18 16:06 . 2012-12-18 16:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-12-18 16:06 . 2012-12-18 16:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-12-18 16:06 . 2012-12-18 16:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-12-18 16:06 . 2012-12-18 16:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-12-18 16:06 . 2012-12-18 16:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-12-18 16:06 . 2012-12-18 16:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-12-18 16:06 . 2012-12-18 16:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-12-18 16:06 . 2013-01-20 17:49 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-12-18 16:06 . 2013-01-20 17:49 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-12-18 16:06 . 2013-01-20 17:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2008-08-16 22:42 . 2013-02-05 23:07 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2013-02-05 23:07 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2013-02-05 23:07 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2013-02-05 23:07 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2013-02-05 23:07 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2013-02-05 23:07 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2013-02-05 23:07 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2013-02-05 23:07 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2013-02-05 23:07 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2013-02-05 23:07 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2013-02-05 23:08 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2013-02-05 23:08 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-02-05 23:08 . 2013-02-05 23:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930e0b10-6818-4828-86b0-07d60af809b6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{930e0b10-6818-4828-86b0-07d60af809b6}]
2012-11-06 12:01 183112 ----a-w- c:\program files\OPSWAT\prxtbOPSW.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930e0b10-6818-4828-86b0-07d60af809b6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930E0B10-6818-4828-86B0-07D60AF809B6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2012-12-18 219688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-31 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-01 04:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^EzWare EzDesk.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\EzWare EzDesk.lnk
backup=c:\windows\pss\EzWare EzDesk.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 -c--a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-21 00:44 1476104 ----a-w- c:\program files\SAMSUNG\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-21 00:44 310280 ----a-w- c:\program files\SAMSUNG\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1Ws_ftp\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kompozer\\KompoZer 0.7.10\\kompozer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
.
R2 AdminHelper.exe;AdminHelper.exe;c:\program files\AT&T\AT&T Communication Manager\AdminHelper.exe [12/18/2012 10:06 AM 56360]
R2 IERA;Sierra Wireless Error Reporting Agent;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [10/19/2011 3:40 PM 167280]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [6/24/2011 12:10 PM 238960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [12/25/2010 2:13 PM 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2010 2:14 PM 113448]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [10/19/2011 3:41 PM 215552]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [10/19/2011 3:41 PM 83968]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [10/19/2011 3:41 PM 209536]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/20/2013 11:52 AM 83168]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/29/2009 10:01 AM 11264]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/20/2013 11:52 AM 181344]
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 03:48]
.
2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN25469330963052698&ctid=CT3223346
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: friendsofjamesrogers.com\www
Trusted Zone: onlyimaginegraphics.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3223346&SearchSource=13&CUI=UN31097714688532383
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3223346&SearchSource=3&q={searchTerms}&CUI=UN31097714688532383
FF - prefs.js: browser.search.selectedEngine - OPSWAT Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3223346&SearchSource=2&CUI=UN31097714688532383&UM=UM_ID&q=
FF - ExtSQL: 2013-02-20 15:57; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2009-12-03 07:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796266127-4252608427-1798623780-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-02-26 21:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-27 03:32
.
Pre-Run: 317,104,369,664 bytes free
Post-Run: 317,000,773,632 bytes free
.
- - End Of File - - 3CCA082A70C18F27B5BEB0079523F676

#18
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello chaknik,

Hopefully this ran okay for you.

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

#19
chaknik


    Member

  • Topic Starter
  • 30 posts
Here's the OTL.txt

OTL logfile created on: 2/27/2013 8:09:27 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\FREDA\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 84.87% Memory free
7.07 Gb Paging File | 6.77 Gb Available in Paging File | 95.68% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 295.80 Gb Free Space | 63.51% Space Free | Partition Type: NTFS

Computer Name: FREDA | User Name: FREDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 12:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\Geeks2Go\OTL.exe
PRC - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2009/11/23 18:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/18 10:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 10:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 10:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 10:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 10:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 10:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 10:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 10:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 10:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 10:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 10:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 10:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 10:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 10:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 10:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 10:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/09 21:48:01 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:08:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/03/31 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/22 00:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrbsvsd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/19 22:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 22:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/19 09:49:54 | 000,209,536 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/28 12:50:44 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/01 02:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/18 10:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/15 15:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 15:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3223346
IE - HKCU\..\URLSearchHook: {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EA169F57-9B7E-4A36-9B14-D0A84A80F73A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...469330963052698
IE - HKCU\..\SearchScopes\{EA169F57-9B7E-4A36-9B14-D0A84A80F73A}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..browser.startup.homepage: "http://search.condui...97714688532383"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...97714688532383"
FF - prefs.js..browser.search.defaultthis.engineName: "OPSWAT Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "OPSWAT Customized Web Search"
FF - prefs.js..CT3223346.browser.search.defaultthis.engineName: "true"
FF - prefs.js..keyword.URL: "http://search.condui...83&UM=UM_ID&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/22 17:50:01 | 000,000,000 | ---D | M]

[2011/03/15 19:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions
[2013/02/26 20:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions
[2013/02/26 20:56:38 | 000,000,000 | ---D | M] (OPSWAT) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}
[2012/09/14 10:16:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/26 20:56:38 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\searchplugins\conduit.xml
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}(2)
[2013/02/05 17:08:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/10/22 10:59:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 11:00:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/26 21:29:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (OPSWAT Toolbar) - {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (OPSWAT Toolbar) - {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (OPSWAT Toolbar) - {930E0B10-6818-4828-86B0-07D60AF809B6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: friendsofjamesrogers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: onlyimaginegraphics.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.4.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258206523468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360358360593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\FREDA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FREDA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 16:35:31 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 21:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/26 20:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/02/26 20:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT
[2013/02/26 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit
[2013/02/26 20:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\OPSWAT
[2013/02/26 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\opswatutilities
[2013/02/26 19:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\WTouch
[2013/02/26 19:12:52 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2013/02/26 19:08:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/26 19:08:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/26 19:08:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/26 19:08:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/26 19:08:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/26 19:07:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/26 19:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/26 09:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Desktop\Geeks2Go
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AdminHelper
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013/02/25 22:36:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/25 16:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\TuneUp Software
[2013/02/25 08:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Start Menu\Programs\Revo Uninstaller
[2013/02/24 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Malwarebytes
[2013/02/24 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/24 11:44:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/24 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/23 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Anvil Studio
[2013/02/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Anvil Studio 2012
[2013/02/22 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\attcm_AppStart
[2013/02/20 16:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/20 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\LavasoftStatistics
[2013/02/20 15:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp
[2013/02/20 15:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/20 15:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/20 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/20 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/02/20 15:52:59 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/20 15:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus
[2013/02/20 11:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software
[2013/02/15 13:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Updater
[2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Detective
[2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA Detective
[2013/02/15 13:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA easyRip
[2013/02/15 13:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\{userdocs}
[2013/02/15 13:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA easyRip
[2013/02/14 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sun
[2013/02/11 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/02/10 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/10 15:44:10 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:44:04 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/08 16:17:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/08 16:03:20 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/02/08 13:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FREDA\Recent
[2013/02/08 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/02/08 07:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/02/07 14:20:23 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/07 14:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/05 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/30 20:52:48 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/01/30 20:52:46 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[35 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/27 07:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/26 23:20:35 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2013/02/26 21:40:36 | 000,569,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/26 21:40:36 | 000,110,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/26 21:36:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/26 21:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/26 21:36:27 | 3487,723,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 21:29:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/26 20:56:59 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 19:08:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/26 19:02:10 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Wyndham Search Availability.url
[2013/02/26 13:23:43 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/26 09:11:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/26 08:40:11 | 000,575,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/25 15:20:51 | 000,015,773 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 16:44:30 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/24 11:44:10 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 15:32:53 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Weather.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/22 14:11:02 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hostsoriginal
[2013/02/20 15:52:58 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/20 13:21:22 | 000,000,120 | ---- | M] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/17 07:45:30 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Barbie.url
[2013/02/16 21:23:14 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Not Doppler.url
[2013/02/15 13:43:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/13 14:32:20 | 000,000,033 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2013/02/10 15:43:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/10 15:43:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/10 15:43:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/10 15:43:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/10 15:43:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/09 21:48:01 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/09 21:48:00 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/09 16:31:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 17:02:57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/08 16:19:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 17:14:08 | 000,445,128 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130209-215509.backup
[2013/02/07 14:20:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/03 14:11:16 | 269,657,031 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/02/02 08:23:26 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2013/01/30 20:52:48 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/01/30 20:52:46 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/01/30 20:52:46 | 000,037,607 | ---- | M] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | M] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/30 16:20:34 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Smith Lake Water Level.url
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[35 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/26 20:56:26 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 19:08:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/26 19:08:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/26 19:08:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/26 19:08:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/26 19:08:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/26 19:08:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/26 19:08:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/25 15:14:33 | 000,015,773 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 11:44:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 17:03:19 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/23 17:03:19 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvil Studio 2012.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/20 13:21:22 | 000,000,120 | ---- | C] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/15 13:43:52 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/15 13:43:25 | 000,459,663 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\User Manual English_TH18XXC.pdf
[2013/02/09 16:31:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 11:48:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/02/03 15:18:17 | 223,809,133 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_104558_660.mp4
[2013/02/03 15:18:16 | 047,840,257 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_102509_094.mp4
[2013/02/03 15:18:01 | 250,078,030 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_110745_669.mp4
[2013/02/03 14:11:13 | 269,657,031 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/01/30 20:52:46 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/26 13:24:17 | 000,716,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796266127-4252608427-1798623780-1005-0.dat
[2013/01/26 13:24:17 | 000,346,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/11 12:23:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\rx_image.Cache
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/06/10 11:07:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/06/10 11:07:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/06/10 11:07:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/04/22 21:54:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\FREDA\.recently-used.xbel
[2011/11/06 11:35:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/06 11:30:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/09/02 20:38:05 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\Pen_Tablet.dat
[2011/09/02 20:35:55 | 000,000,654 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/03/15 19:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/14 11:30:32 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\FREDA\Application Data\ViewerApp.dat
[2010/09/07 10:20:05 | 002,755,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/16 21:02:56 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 08:31:09 | 000,019,461 | ---- | C] () -- C:\Documents and Settings\FREDA\DModem_Trace.trc
[2009/04/07 13:50:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\SavedSkadoodle 2-by Freda.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\Roy's Toys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\DefaultMyDVD9 files:Roxio EMC Stream

< End of report >

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello chaknik,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3223346
    IE - HKCU\..\URLSearchHook: {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {EA169F57-9B7E-4A36-9B14-D0A84A80F73A}
    IE - HKCU\..\SearchScopes\{EA169F57-9B7E-4A36-9B14-D0A84A80F73A}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3223346&SearchSource=13&CUI=UN31097714688532383"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3223346&SearchSource=3&q={searchTerms}&CUI=UN31097714688532383"
    FF - prefs.js..browser.search.defaultthis.engineName: "OPSWAT Customized Web Search"
    FF - prefs.js..browser.search.selectedEngine: "OPSWAT Customized Web Search"
    FF - prefs.js..CT3223346.browser.search.defaultthis.engineName: "true"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3223346&SearchSource=2&CUI=UN31097714688532383&UM=UM_ID&q="
    FF - user.js - File not found
    [2011/03/15 19:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions
    [2013/02/26 20:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions
    [2013/02/26 20:56:38 | 000,000,000 | ---D | M] (OPSWAT) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}
    [2012/09/14 10:16:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/02/26 20:56:38 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\searchplugins\conduit.xml
    [2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
    [2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    [2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    O2 - BHO: (OPSWAT Toolbar) - {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (OPSWAT Toolbar) - {930e0b10-6818-4828-86b0-07d60af809b6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (OPSWAT Toolbar) - {930E0B10-6818-4828-86B0-07D60AF809B6} - C:\Program Files\OPSWAT\prxtbOPSW.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    [2013/02/15 13:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Updater
    [2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA Detective
    [2013/02/15 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA Detective
    [2013/02/15 13:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RCA easyRip
    [2013/02/15 13:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\My Documents\RCA easyRip
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [35 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    
    :Files
    C:\Program Files\Conduit
    C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT
    C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit
    C:\Program Files\OPSWAT
    C:\Program Files\opswatutilities
    C:\Program Files\Ad-Aware Antivirus
    C:\WINDOWS\System32\sbbd.exe
    C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus
    C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

#21
chaknik

    Member

  • Topic Starter
  • 30 posts
I'm having a hard time getting to Geekstogo. I get the Google error I mentioned earlier and I can't do anything but close that window and keep trying. I finally connected to Geeks after maybe 30 tries. I also tried from my laptop, but it gave the same Google page???? Here's the OTL log.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{930e0b10-6818-4828-86b0-07d60af809b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930e0b10-6818-4828-86b0-07d60af809b6}\ deleted successfully.
C:\Program Files\OPSWAT\prxtbOPSW.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA169F57-9B7E-4A36-9B14-D0A84A80F73A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA169F57-9B7E-4A36-9B14-D0A84A80F73A}\ not found.
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: "http://search.condui...97714688532383" removed from browser.startup.homepage
Prefs.js: "http://search.condui...97714688532383" removed from browser.search.defaulturl
Prefs.js: "OPSWAT Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "OPSWAT Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "true" removed from CT3223346.browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...83&UM=UM_ID&q=" removed from keyword.URL
C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\Plugins folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\modules folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\META-INF folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\lib folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\defaults\preferences folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\defaults folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\sl folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\lib folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\core folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa\404 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\options folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\api folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb\al folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content\tb folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346\content folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome\CT3223346 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\chrome folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6} folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions folder moved successfully.
Folder C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{930e0b10-6818-4828-86b0-07d60af809b6}\ not found.
File C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi not found.
C:\Documents and Settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\searchplugins\conduit.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\confmgr.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930e0b10-6818-4828-86b0-07d60af809b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930e0b10-6818-4828-86b0-07d60af809b6}\ not found.
File C:\Program Files\OPSWAT\prxtbOPSW.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{930e0b10-6818-4828-86b0-07d60af809b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930e0b10-6818-4828-86b0-07d60af809b6}\ not found.
File C:\Program Files\OPSWAT\prxtbOPSW.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{930E0B10-6818-4828-86B0-07D60AF809B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930E0B10-6818-4828-86B0-07D60AF809B6}\ not found.
File C:\Program Files\OPSWAT\prxtbOPSW.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA Updater folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA Detective folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RCA Detective folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RCA easyRip folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\SpecialOffers folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\VideoRec\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\VideoRec\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\VideoRec\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\VideoRec folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\UIString\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\UIString\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\UIString folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\SQLiteImporter\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\SQLiteImporter\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\SQLiteImporter\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\SQLiteImporter folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\specOff\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\specOff\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\specOff\default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\specOff folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Ripper\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Ripper\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Ripper\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Ripper folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Prefs\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Prefs\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Prefs\default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Prefs folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PlayerLib\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PlayerLib\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PlayerLib\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PlayerLib folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\playerinfo\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\playerinfo\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\playerinfo\default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\playerinfo folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PCLibrary\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PCLibrary\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PCLibrary\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\PCLibrary folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\MP3tunes\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\MP3tunes\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\MP3tunes\default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\MP3tunes folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Loader\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Loader\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Loader\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Loader folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Fitness\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Fitness\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Fitness\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Fitness folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Dock\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Dock\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Dock\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\Dock folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\AudioRec\SP folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\AudioRec\EN folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\AudioRec\Default folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin\AudioRec folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\skin folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\Playlists folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\Installer Offer Icons folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip\Encoder folder moved successfully.
C:\Documents and Settings\FREDA\My Documents\RCA easyRip folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1A.tmp deleted successfully.
C:\WINDOWS\System32\SET1DB.tmp deleted successfully.
C:\WINDOWS\System32\SET20B.tmp deleted successfully.
C:\WINDOWS\System32\SET3E.tmp deleted successfully.
C:\WINDOWS\System32\SET62.tmp deleted successfully.
C:\WINDOWS\System32\SET82.tmp deleted successfully.
C:\WINDOWS\System32\SETF0D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F3.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F6.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET1F7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET223.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET224.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET225.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET226.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET227.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET32.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET33.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET34.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET35.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET36.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET56.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET57.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET58.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET59.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET5A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET7E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET9E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF25.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF26.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF27.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF28.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETF29.tmp deleted successfully.
========== FILES ==========
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\SearchInNewTab folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_en\ToolbarTranslation folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_en folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_CT3223346\ToolbarSettings folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_CT3223346\ToolbarLogin folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_CT3223346\ToolbarHiddenSettings folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository\conduit_CT3223346_CT3223346 folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Repository folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\MyStuffApps folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\Logs folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\ExternalComponent folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\EmailNotifier folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT\CacheIcons folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\OPSWAT folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\CT3223346 folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Conduit folder moved successfully.
C:\Program Files\OPSWAT folder moved successfully.
C:\Program Files\opswatutilities folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions folder moved successfully.
C:\Program Files\Ad-Aware Antivirus folder moved successfully.
C:\WINDOWS\System32\sbbd.exe moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T050529.968750PID2192 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T045825.343750PID2900 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T045817.046875PID2684 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T045145.187500PID2884 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T045140.937500PID2692 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T044123.140625PID2884 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T044116.843750PID2716 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T011537.265625PID2940 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130226T011531.062500PID2732 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T231742.109375PID2808 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T231739.062500PID2672 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T220631.125000PID3292 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T220629.875000PID3172 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T214215.156250PID3548 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130225T214206.515625PID2804 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T221408.390625PID3500 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T221404.468750PID3180 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T203459.031250PID3524 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T203454.687500PID3332 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T192131.015625PID4028 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T192122.421875PID3340 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T174055.359375PID3220 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T174052.734375PID2688 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T171713.890625PID2756 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T171704.546875PID1616 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T043202.921875PID2816 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130224T043200.250000PID2388 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130223T040249.625000PID3980 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130223T040245.515625PID3712 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130223T035032.562500PID3976 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130223T035029.062500PID3736 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T235254.921875PID3120 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T235244.859375PID2084 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T205650.718750PID3684 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T203035.859375PID3648 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T201905.390625PID3756 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T201309.125000PID3660 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T195859.109375PID3648 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T165109.078125PID3608 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130222T164403.375000PID3600 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130221T232610.343750PID3660 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130221T231958.828125PID3580 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130221T224811.531250PID3744 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130220T222257.156250PID3684 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130220T222248.906250PID3120 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs\20130220T215255.656250PID4716 folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Documents and Settings\FREDA\Application Data\Ad-Aware Antivirus folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software\CounterSpy folder moved successfully.
C:\Documents and Settings\FREDA\Local Settings\Application Data\Sunbelt Software folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\FREDA\Desktop\Geeks2Go\cmd.bat deleted successfully.
C:\Documents and Settings\FREDA\Desktop\Geeks2Go\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: FREDA
->Temp folder emptied: 6418057 bytes
->Temporary Internet Files folder emptied: 23740023 bytes
->Java cache emptied: 51092044 bytes
->FireFox cache emptied: 99138112 bytes
->Flash cache emptied: 1997546 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 668343 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 576 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 175.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_132956

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
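A fix log of this length is easier to review once it is tallied by outcome and the moved folder trees are collapsed to their top-level roots. The following Python sketch is an added example, not part of the original thread and not OTL's own code: the line pattern is inferred from the log lines shown above, the helper names are hypothetical, and the sample is a handful of lines copied from that log.

```python
import re
from collections import Counter, namedtuple

# Sample lines copied from the fix log posted above (a small subset).
SAMPLE_LOG = r"""
========== FILES ==========
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\confmgr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{930e0b10-6818-4828-86b0-07d60af809b6}\ not found.
File C:\Program Files\OPSWAT\prxtbOPSW.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
"""

Entry = namedtuple("Entry", "kind target outcome")

# Line shape inferred from the log above (an assumption, not a published spec):
#   [Registry key|Registry value|File|Folder ]<target>[ folder] <outcome>.
LINE_RE = re.compile(
    r"^(?:(?P<prefix>Registry key|Registry value|File|Folder) )?"
    r"(?P<target>.+?)(?P<folder> folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return one Entry per recognised result line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, command output, blank lines
        if m.group("prefix"):
            kind = m.group("prefix").lower()
        else:
            kind = "folder" if m.group("folder") else "file"
        # "moved successfully" -> "moved"; "not found" stays as it is.
        outcome = m.group("outcome").replace(" successfully", "")
        entries.append(Entry(kind, m.group("target"), outcome))
    return entries


def summarize(entries):
    """Count entries per (kind, outcome) pair."""
    return Counter((e.kind, e.outcome) for e in entries)


def _norm(path):
    # Windows paths are case-insensitive; drop any trailing backslash.
    return path.rstrip("\\").lower()


def removal_roots(entries):
    """Files and folders removed that are not inside another moved folder.

    The log lists child folders before their parents, so a single removed
    program can span dozens of lines; this keeps only the top-most path.
    """
    removed = [e for e in entries
               if e.kind in ("file", "folder") and e.outcome != "not found"]
    folders = {_norm(e.target) for e in removed if e.kind == "folder"}
    roots = []
    for e in removed:
        parts = _norm(e.target).split("\\")
        ancestors = {"\\".join(parts[:i]) for i in range(1, len(parts))}
        if not ancestors & folders:
            roots.append(e.target)
    return roots


def not_found(entries):
    """Targets the fix asked for that were already absent."""
    return [e for e in entries if e.outcome == "not found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{kind:15} {outcome:10} {count}")
    print("Top-level items removed:")
    for root in removal_roots(parsed):
        print("  ", root)
    print("Already absent:")
    for entry in not_found(parsed):
        print("  ", entry.kind, entry.target)
```

The "not found" entries are worth a second look in a follow-up scan, since they only show that a target was absent when the fix ran.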

#22
emeraldnzl

I finally connected to Geeks after maybe 30 tries. I also tried from my laptop, but it gave the same Google page????


What made me think there might be a router infection. MBAM used to be very good at locating and dealing with an old version of a router infection, hence our trying to get it to work. Something appears to be blocking it though, so we need to try some other solutions to try and free it up.

Have you tried resetting your router?

Disconnect your modem/router from the power supply. Wait at least 10 seconds and then restart. Wait until all the lights are back up and running - might take a minute or two and then see if you have wireless connection again.

Some modems have a battery which will keep lights running even though you have disconnected the power supply. For these there is a button you can press to close it down.

Next

  • Click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:

    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:

    netsh int ip reset c:\resetlog.txt

    Note the gaps... they should be there.
  • Reboot the computer.

Come back and tell me if that has made a difference.

#23
chaknik
Topic Starter

I ran the script at the command prompt. Couldn't tell that anything happened. I haven't been using a router, except for the last post. I've had the Aircard 313U plugged directly into a USB port on this computer. Only after having a great deal of trouble connecting to Geeks today and also trying with the laptop, I plugged the Aircard into the router and was then able to connect. As of now, the Aircard modem is plugged into this computer directly and I was able to connect to Geeks. It seems that nothing stays the same for long. Feeling kinda hopeless! Upon further testing, I was able to update mbam for the first time in weeks. Several browsing episodes have been good. I just hope I never see the Google crap again and hopefully links will continue to work. What do you think?

Edited by chaknik, 27 February 2013 - 08:40 PM.


#24
emeraldnzl

What do you think?


I think we are making progress but that we are not quite there yet.

Have you tried resetting that router?

Also do the other computers work okay when you plug the Aircard 313U directly into a USB port? In other words are you able to say there is something wrong with the router? Clearly we have removed a heck of a lot of malware that would be interfering with your connection but you might have something wrong with the router too.

I was able to update mbam for the first time in weeks


Are you able to run a scan with it?

I would also be interested to know if you can run an online scan with your computer plugged directly via the USB port.

See if you can run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#25
chaknik

  • Topic Starter
  • Member
  • 30 posts
Good morning to you. I did reset the router. I had the Aircard plugged directly into a usb port on the laptop when I got the same Google warning screen. I was able to browse to some websites on the laptop, but several times it timed out (Internet Explorer cannot display webpage). With the Aircard plugged directly into usb on third computer, was unable to connect to internet at all. Today, I have the Aircard plugged into the router. All three computers will connect to the internet and browse to websites (even Geeks2Go). This computer, for now, is browsing much better. The other two are slow as Christmas and time out very often. On this computer, I was again able to update mbam and ran a 'Quick Scan' just fine and it found no problems. I also ran the ESET online scan. Ran fine and found no infected files. Everything I've done today is with the Aircard plugged into the router. I just reread your instructions from your last post and I noticed that I failed to go into the 'Advanced Settings' of the ESET scan before I ran the scan. My bad. Sorry.

Edited by chaknik, 28 February 2013 - 09:49 AM.

  • 0

#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

The other two are slow as Christmas and time out very often.


Suggests that they are infected too. Might be worth checking them out if you have the time. Once we have finished with this one you can post for the next one and so on. I find it best to do one machine at a time otherwise it can become very confusing.

I failed to go into the 'Advanced Settings' of the ESET scan before I ran the scan. My bad. Sorry.


Up to you but probably worth running a scan to check for those items as well just to make sure we haven't missed anything.

I also ran the ESET online scan. Ran fine and found no infected files.


I think you are good to go with that machine. :thumbsup:

Just need to reinstall a good anti-virus.

Here are three good antivirus free for personal use:

Here are two good firewalls free for personal use:


Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working or maybe they try and download something they frequently downloaded in the past but now find they can't.

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.


Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

Tell me what you want to do about your other computers i.e. do you want to continue in this thread with them?
  • 0

#27
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello chaknik,

Further to my last post.

It occurs to me that we didn't fully check out that DhcpNameServer = 172.26.38.1

If you haven't run CleanUp yet let's see what we can find. If you have carried out the cleanup procedures then please download OTL again and do the following:

  • Close all windows and open OTL again.
  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click the None button at the top.
  • Under the Custom Scan box paste this in:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s
    
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
    
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.

Note: If the log doesn't appear where you saved OTL then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Please copy (Edit->Select All, Edit->Copy) the contents and post back here.
  • 0
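
Added example (not part of the original thread, and not OTL's own code): one way to review the `O17` lines of an OTL log for the DhcpNameServer question raised in the post above. The function names, the sample log, its interface GUIDs and the 8.8.8.8 entry are constructed for illustration, and 192.168.0.1 is assumed to be the router's own address.

```python
import ipaddress
import re

# One OTL "O17" line: registry key, optional interface GUID, value name, value data.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\CCS\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?)"
    r": (?P<name>\w+) = (?P<value>.*)$"
)

# Constructed sample in OTL's O17 format. The GUIDs and the static NameServer
# line are made up; 172.26.38.1 is the address questioned in the thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}: DhcpNameServer = 172.26.38.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}: NameServer = 192.168.0.1,8.8.8.8
"""


def parse_o17(log_text):
    """Return one dict per O17 line: interface, value name, list of servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # DhcpNameServer is space separated; a static NameServer may use commas.
        servers = [s for s in re.split(r"[,\s]+", m.group("value").strip()) if s]
        entries.append({
            "iface": m.group("iface") or "(global)",
            "name": m.group("name"),
            "servers": servers,
        })
    return entries


def review(entries, expected):
    """Flag every resolver that is not in the expected list for this network."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for entry in entries:
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((entry["iface"], entry["name"], server,
                                 "not an IP address"))
                continue
            if addr in allowed:
                continue
            # A private address can still be wrong for this network, as with
            # 172.26.38.1 on a LAN whose router is 192.168.0.1.
            scope = "private" if addr.is_private else "public"
            findings.append((entry["iface"], entry["name"], server,
                             f"unexpected {scope} resolver"))
    return findings


if __name__ == "__main__":
    for iface, name, server, reason in review(parse_o17(SAMPLE_LOG),
                                              expected=["192.168.0.1"]):
        print(f"{iface} {name} = {server}: {reason}")
```

A static NameServer value takes precedence over the DHCP-supplied one, so both value names are worth checking on every interface.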

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi again chaknik,

I see you have opened a topic at Bleeping Computers for help there with what looks like the same issue.

Receiving help from two forums can lead to conflicting actions which can break your computer.

You need to decide which forum you wish help from. I am happy for you to go to BC but please tell me so that I can close this topic.
  • 0

#29
chaknik

  • Topic Starter
  • Member
  • 30 posts
I haven't run the clean-up yet. I'll run OTL with the added text and post it. The BleepingComputer post started several days ago and he just today replied. He originally was going to help me with the same machine you're dealing with but I explained the fact that you were already involved with this machine. I do have problems with two other computers and he is looking at one of them. I hope this won't hinder your efforts, I greatly appreciate your willingness and ability to help. When you are satisfied that this computer is clean, I have a laptop that is also very unstable. If you don't mind, I'd like for you to help clean it up. I'll run the OTL now and report back. Please don't close the topic until you're sure I'm clean. Here is the last OTL log:

OTL logfile created on: 2/28/2013 4:30:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\FREDA\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 83.78% Memory free
7.07 Gb Paging File | 6.72 Gb Available in Paging File | 94.94% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 295.83 Gb Free Space | 63.52% Space Free | Partition Type: NTFS

Computer Name: FREDA | User Name: FREDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 12:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\Geeks2Go\OTL.exe
PRC - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2009/11/23 18:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/11/23 18:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/18 10:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 10:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 10:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 10:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 10:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 10:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 10:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 10:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 10:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 10:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 10:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 10:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 10:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 10:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 10:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 10:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/09 21:48:01 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:08:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/03/31 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/22 00:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrbsvsd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/19 22:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 22:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/19 09:49:54 | 000,209,536 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/28 12:50:44 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/01 02:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/18 10:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/15 15:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 15:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 4A EB 46 63 15 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...469330963052698
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/27 13:29:59 | 000,000,000 | ---D | M]

[2013/02/27 13:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}(2)
[2013/02/05 17:08:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2012/10/22 10:59:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 11:00:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/26 21:29:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: friendsofjamesrogers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: onlyimaginegraphics.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.4.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258206523468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360358360593 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323E3141-105A-49C1-A74C-17F898A22C18}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 16:35:31 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/28 07:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/27 13:30:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/27 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2013/02/27 08:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\OPSWAT
[2013/02/26 21:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/26 19:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\WTouch
[2013/02/26 19:12:52 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2013/02/26 19:08:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/26 19:08:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/26 19:08:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/26 19:08:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/26 19:08:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/26 19:07:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/26 19:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/26 09:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Desktop\Geeks2Go
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AdminHelper
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013/02/25 22:36:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/25 16:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\TuneUp Software
[2013/02/25 08:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Start Menu\Programs\Revo Uninstaller
[2013/02/24 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Malwarebytes
[2013/02/24 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/24 11:44:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/24 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/23 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Anvil Studio
[2013/02/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Anvil Studio 2012
[2013/02/22 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\attcm_AppStart
[2013/02/20 16:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/20 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\LavasoftStatistics
[2013/02/20 15:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp
[2013/02/20 15:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/20 15:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/20 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/02/15 13:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\{userdocs}
[2013/02/14 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sun
[2013/02/11 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/02/10 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/10 15:44:10 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:44:04 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/08 16:17:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/08 16:03:20 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/02/08 13:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FREDA\Recent
[2013/02/08 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/02/08 07:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/02/07 14:20:23 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/07 14:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/05 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/30 20:52:48 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/01/30 20:52:46 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll

========== Files - Modified Within 30 Days ==========

[2013/02/28 15:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/27 23:10:47 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Alaskan Cruise.url
[2013/02/27 21:55:41 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2013/02/27 21:35:50 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Wyndham Search Availability.url
[2013/02/27 20:36:15 | 000,569,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/27 20:36:15 | 000,110,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/27 20:32:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/27 20:31:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/27 20:31:52 | 3487,723,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 15:18:22 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/27 09:41:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/27 08:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/26 21:29:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/26 20:56:59 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 13:23:43 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/26 09:11:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/26 08:40:11 | 000,575,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/25 15:20:51 | 000,015,773 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 11:44:10 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 15:32:53 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Weather.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/22 14:11:02 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hostsoriginal
[2013/02/20 13:21:22 | 000,000,120 | ---- | M] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/17 07:45:30 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Barbie.url
[2013/02/16 21:23:14 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Not Doppler.url
[2013/02/15 13:43:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/13 14:32:20 | 000,000,033 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2013/02/10 15:43:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/10 15:43:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/10 15:43:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/10 15:43:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/10 15:43:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/09 21:48:01 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/09 21:48:00 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/09 16:31:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 17:02:57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/08 16:19:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 17:14:08 | 000,445,128 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130209-215509.backup
[2013/02/07 14:20:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/03 14:11:16 | 269,657,031 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/02/02 08:23:26 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2013/01/30 20:52:48 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/01/30 20:52:46 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/01/30 20:52:46 | 000,037,607 | ---- | M] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | M] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/30 16:20:34 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Smith Lake Water Level.url

========== Files Created - No Company Name ==========

[2013/02/26 20:56:26 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 19:08:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/26 19:08:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/26 19:08:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/26 19:08:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/26 19:08:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/26 19:08:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/26 19:08:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/25 15:14:33 | 000,015,773 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 11:44:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 17:03:19 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/23 17:03:19 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvil Studio 2012.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/20 13:21:22 | 000,000,120 | ---- | C] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/15 13:43:52 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/15 13:43:25 | 000,459,663 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\User Manual English_TH18XXC.pdf
[2013/02/09 16:31:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 11:48:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/02/03 15:18:17 | 223,809,133 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_104558_660.mp4
[2013/02/03 15:18:16 | 047,840,257 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_102509_094.mp4
[2013/02/03 15:18:01 | 250,078,030 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_110745_669.mp4
[2013/02/03 14:11:13 | 269,657,031 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/01/30 20:52:46 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/26 13:24:17 | 000,716,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796266127-4252608427-1798623780-1005-0.dat
[2013/01/26 13:24:17 | 000,346,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/11 12:23:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\rx_image.Cache
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/06/10 11:07:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/06/10 11:07:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/06/10 11:07:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/04/22 21:54:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\FREDA\.recently-used.xbel
[2011/11/06 11:35:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/06 11:30:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/09/02 20:38:05 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\Pen_Tablet.dat
[2011/09/02 20:35:55 | 000,000,654 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/03/15 19:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/14 11:30:32 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\FREDA\Application Data\ViewerApp.dat
[2010/09/07 10:20:05 | 002,755,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/16 21:02:56 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 08:31:09 | 000,019,461 | ---- | C] () -- C:\Documents and Settings\FREDA\DModem_Trace.trc
[2009/04/07 13:50:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /s >
"NV Hostname" = FREDA
"DataBasePath" = %SystemRoot%\System32\drivers\etc -- [2013/02/26 21:29:51 | 000,000,000 | ---D | M]
"ForwardBroadcasts" = 0
"IPEnableRouter" = 0
"Domain" =
"Hostname" = FREDA
"DeadGWDetectDefault" = 1
"CitrixBackupTcpWindowSize" = 0
"ArpCacheSize" = 200
"TCPCongestionControl" = 0
"NameServer" =
"TcpWindowSize" = 513920
"GlobalMaxTcpWindowSize" = 513920
"SackOpts" = 1
"TcpMaxDupAcks" = 2
"Tcp1323Opts" = 3
"DhcpDomain" = local.tld
"DhcpNameServer" = 192.168.0.1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface" = WANARP
"IpConfig" = Tcpip\Parameters\Interfaces\{64DC3 [Binary data over 200 bytes]
"NumInterfaces" = 4
"IpInterfaces" = 9E 38 DC 64 C9 8D 47 4E B8 DF 85 67 01 44 26 A6 51 32 3E E7 20 C7 28 43 B2 7E 7A 34 89 46 05 6D DA BE A0 79 A2 B8 5D 41 86 9B 9B D8 C7 D5 B5 E9 7B 41 F2 32 1C B7 92 4A 9A 93 3E DB A9 C6 1B 5C [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{089AFF16-5A05-409C-A50A-CDDF4B5340E6}]
"LLInterface" =
"IpConfig" = Tcpip\Parameters\Interfaces\{089AF [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{323E3141-105A-49C1-A74C-17F898A22C18}]
"LLInterface" =
"IpConfig" = Tcpip\Parameters\Interfaces\{323E3 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3FC30DEB-91E2-41D0-B339-CCB991FAB9D2}]
"LLInterface" = ARP1394
"IpConfig" = Tcpip\Parameters\Interfaces\{3FC30 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{89012BFA-D7E1-423D-88F2-ECC8754207BD}]
"LLInterface" =
"IpConfig" = Tcpip\Parameters\Interfaces\{89012 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AC07B155-EB1A-4B85-AC69-9DCCED827B7A}]
"LLInterface" =
"IpConfig" = Tcpip\Parameters\Interfaces\{AC07B [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{089AFF16-5A05-409C-A50A-CDDF4B5340E6}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"TcpMaxConnectRetransmissions" = 5
"NTEContextList" = [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"DhcpServer" = 255.255.255.255
"Lease" = 3600
"LeaseObtainedTime" = 1362066136
"T1" = 1362067936
"T2" = 1362069286
"LeaseTerminatesTime" = 1362069736
"AddressType" = 0
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"TcpWindowSize" = 513920
"IPAutoconfigurationAddress" = 0.0.0.0
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{323E3141-105A-49C1-A74C-17F898A22C18}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000002 [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"DhcpServer" = 192.168.0.1
"Lease" = 43200
"LeaseObtainedTime" = 1362085739
"T1" = 1362105454
"T2" = 1362121654
"LeaseTerminatesTime" = 1362128939
"AddressType" = 0
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"DhcpRetryTime" = 19715
"DhcpRetryStatus" = 0
"DhcpIPAddress" = 192.168.0.137
"DhcpSubnetMask" = 255.255.255.0
"IPAutoconfigurationAddress" = 0.0.0.0
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
"DhcpDomain" = local.tld
"DhcpNameServer" = 192.168.0.1
"DhcpDefaultGateway" = 192.168.0.1 [binary data]
"DhcpSubnetMaskOpt" = 255.255.255.0 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32F2417B-B71C-4A92-9A93-3EDBA9C61B5C}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"NTEContextList" = [binary data]
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
"RegistrationEnabled" = 0
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"RegisterAdapterName" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3FC30DEB-91E2-41D0-B339-CCB991FAB9D2}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{64DC389E-8DC9-4E47-B8DF-8567014426A6}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"RegisterAdapterName" = 0
"RegistrationEnabled" = 0
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79A0BEDA-B8A2-415D-869B-9BD8C7D5B5E9}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89012BFA-D7E1-423D-88F2-ECC8754207BD}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000004 [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC07B155-EB1A-4B85-AC69-9DCCED827B7A}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000003 [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E73E3251-C720-4328-B27E-7A348946056D}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"NTEContextList" = [binary data]
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"RegistrationEnabled" = 0
"RegisterAdapterName" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance" = 0
"HelperDllName" = %SystemRoot%\System32\wshtcpip.dll -- [2008/04/14 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 16
"MinSockAddrLength" = 16
"Mapping" = 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 [Binary data over 200 bytes]

< >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{089AFF16-5A05-409C-A50A-CDDF4B5340E6}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"TcpMaxConnectRetransmissions" = 5
"NTEContextList" = [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"DhcpServer" = 255.255.255.255
"Lease" = 3600
"LeaseObtainedTime" = 1362066136
"T1" = 1362067936
"T2" = 1362069286
"LeaseTerminatesTime" = 1362069736
"AddressType" = 0
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"TcpWindowSize" = 513920
"IPAutoconfigurationAddress" = 0.0.0.0
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{323E3141-105A-49C1-A74C-17F898A22C18}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000002 [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"DhcpServer" = 192.168.0.1
"Lease" = 43200
"LeaseObtainedTime" = 1362085739
"T1" = 1362105454
"T2" = 1362121654
"LeaseTerminatesTime" = 1362128939
"AddressType" = 0
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"DhcpRetryTime" = 19715
"DhcpRetryStatus" = 0
"DhcpIPAddress" = 192.168.0.137
"DhcpSubnetMask" = 255.255.255.0
"IPAutoconfigurationAddress" = 0.0.0.0
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
"DhcpDomain" = local.tld
"DhcpNameServer" = 192.168.0.1
"DhcpDefaultGateway" = 192.168.0.1 [binary data]
"DhcpSubnetMaskOpt" = 255.255.255.0 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32F2417B-B71C-4A92-9A93-3EDBA9C61B5C}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"NTEContextList" = [binary data]
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
"RegistrationEnabled" = 0
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"RegisterAdapterName" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3FC30DEB-91E2-41D0-B339-CCB991FAB9D2}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{64DC389E-8DC9-4E47-B8DF-8567014426A6}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"RegisterAdapterName" = 0
"RegistrationEnabled" = 0
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79A0BEDA-B8A2-415D-869B-9BD8C7D5B5E9}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89012BFA-D7E1-423D-88F2-ECC8754207BD}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000004 [binary data]
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC07B155-EB1A-4B85-AC69-9DCCED827B7A}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000003 [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E73E3251-C720-4328-B27E-7A348946056D}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"NTEContextList" = [binary data]
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
"DhcpClassIdBin" = Reg Error: Value error. -- File not found
"RegistrationEnabled" = 0
"RegisterAdapterName" = 0

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\SavedSkadoodle 2-by Freda.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\Roy's Toys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\DefaultMyDVD9 files:Roxio EMC Stream

< End of report >

Edited by chaknik, 28 February 2013 - 04:35 PM.

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

He originally was going to help me with the same machine you're dealing with but I explained the fact that you were already involved with this machine. I do have problems with two other computers and he is looking at one of them. I hope this won't hinder your efforts.


No, that's fine as long as he is aware we are working still and that he and I aren't dealing with the same machine. If he does something to the router I need to know in case it has implications for the machines we are still working with. :)

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...469330963052698
    O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
    O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q File not found
    O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp" /s /q File not found
    O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
    O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
