dell alienware xp won't install delete or restore otl log included


sharokc

dell alienware aurora running xp. won't install anything downloaded. have tried using restoration disc that i received with unit but it runs for about 3 minutes and shuts down whole system. has more than one antivirus program running (don't know how that happened) but cannot uninstall any of them. tried to install ie9 but would not. i restarted first thing this morning and it had 9 updates to install and seemed to do that just fine. weird. i have copied and pasted my otl log below and attached it as well. don't know which you prefer. when it was finished i did not see an extras doc. please help. ultimately desire to restore to factory and get a good antiV.

OTL logfile created on: 01/12/12 9:22:35 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

1023.23 Mb Total Physical Memory | 463.47 Mb Available Physical Memory | 45.29% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.39 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: WA68A7S1J249 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
PRC - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files\Cricket Broadband Connect\mPhonetools.exe (Avanquest Software)
PRC - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cricket Broadband Connect\Bytemobile\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Function Key Controller\FKC.exe (Arima Computer Corp.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
PRC - C:\Program Files\TouchFreeze\TouchFreeze.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Device.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DB.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
MOD - C:\Program Files\Cricket Broadband Connect\ModemWiz.dll ()
MOD - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Cricket Broadband Connect\VObject.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
MOD - C:\Program Files\TouchFreeze\TouchFreeze.exe ()
MOD - C:\Program Files\TouchFreeze\TouchFreeze.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Killer Port Manager) -- File not found
SRV - (HidServ) -- File not found
SRV - (VideoScavenger_1eService) -- C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe (COMPANYVERS_NAME)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SwiCardDetectSvc) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (swiwdmbus) -- C:\WINDOWS\system32\drivers\swiwdmbus.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (PTUMWVsp) -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\WINDOWS\system32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCDF) -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV - (PTUMWBus) -- C:\WINDOWS\system32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (WGX) -- C:\WINDOWS\system32\drivers\WGX.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.024\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.024\NAVENG.SYS (Symantec Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://sn116w.snt116...x?wa=wsignin1.0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...007a8020000200"
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.20681
FF - prefs.js..keyword.URL: "http://search.babylo...a8020000200&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket Broadband Connect\Bytemobile\addon\ [2011/03/25 21:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files\VideoScavenger_1e\bar\1.bin [2012/01/03 01:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Local Settings\Application Data\RewardsArcadeSuite\1950\Firefox [2012/01/06 02:47:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012/01/08 11:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 05:45:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 05:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/08 11:40:04 | 000,000,000 | ---D | M]

[2011/02/22 07:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/10 10:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions
[2012/01/06 02:47:28 | 000,000,000 | ---D | M] (MeFeedia) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
[2011/01/27 21:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/06 02:46:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/03 01:53:54 | 000,000,000 | ---D | M] (VideoScavenger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\1effxtbr@VideoScavenger_1e.com
[2012/01/08 11:01:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\[email protected]
[2011/02/17 01:40:53 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\searchplugins\bing-zugo.xml
[2011/05/03 21:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/08 11:01:36 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/18 14:53:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/12/18 14:53:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/10 09:24:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VideoScavenger) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe (Arima Computer Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)
O4 - HKLM..\Run: [VideoScavenger Search Scope Monitor] C:\Program Files\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoScavenger_1e Browser Plugin Loader] C:\Program Files\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VER_COMPANY_NAME)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe (AT&T)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
O4 - HKCU..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.video...13&n=2012010303 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: rapidsurveygroup.com ([www] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1286464238343 (WUWebControl Class)
O16 - DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} http://sketch.rapids...RapidSketch.cab (EmbeddedRapidSketch.EmbeddedSketchWithSecurityChecks)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.rapidsurv...RSG/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21C5652-4A9C-4478-B930-7179098AA9E5}: NameServer = 10.133.20.11 10.132.20.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/07 08:35:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\menu1\command - "" = F:\Start.exe
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{fc1b5ed8-02a6-11e0-9133-7a8020000200}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 09:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/09 22:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/01/09 21:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NokiaAccount
[2012/01/08 11:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Nokia
[2012/01/08 11:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2012/01/08 11:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/01/08 11:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/08 11:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/01/08 11:35:33 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/01/08 11:34:24 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012/01/08 11:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PDF Reader
[2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
[2012/01/08 11:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/01/08 11:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/01/06 03:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\vGrabber
[2012/01/06 03:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[2012/01/06 02:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\w3itemplate
[2012/01/06 02:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mefeediatest
[2012/01/06 02:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\mefeediatest
[2012/01/06 02:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RewardsArcadeSuite
[2012/01/06 02:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\RewardsArcadeSuite
[2012/01/06 00:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\JkDefrag-3.34
[2012/01/06 00:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/05 23:51:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/01/03 23:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SSSSSSSS
[2012/01/03 01:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoScavenger_1e
[2012/01/03 01:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoScavenger_1eEI
[2012/01/03 00:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2012/01/01 19:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/01 05:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\how to's
[2012/01/01 05:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/12/29 00:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMule
[2011/12/29 00:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2011/12/28 23:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
[2011/03/25 21:57:03 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe11.dll

========== Files - Modified Within 30 Days ==========

[2012/01/12 09:25:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{94F167EE-7096-4173-8F22-F4FFAB67DEAE}.job
[2012/01/12 09:23:14 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1682526488-1801674531-500.job
[2012/01/12 09:23:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1682526488-1801674531-500.job
[2012/01/12 09:09:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/12 08:33:57 | 000,201,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/12 08:33:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/12 08:31:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/12 08:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 08:00:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 11:41:01 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
[2012/01/08 11:01:54 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/01/08 11:01:34 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PDF Reader.lnk
[2012/01/08 01:17:17 | 000,544,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 01:17:17 | 000,104,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 01:09:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/01/06 04:19:50 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vGrabber YouTube Download.lnk
[2012/01/06 00:21:04 | 000,465,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JkDefrag-3.34.zip
[2012/01/05 23:51:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/01/03 03:17:34 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/01 04:41:43 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.db
[2011/12/19 12:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/01/08 11:41:00 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
[2012/01/08 11:01:53 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/01/08 11:01:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PDF Reader.lnk
[2012/01/08 01:09:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/01/08 01:09:58 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/01/08 01:09:57 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/01/06 03:40:49 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vGrabber YouTube Download.lnk
[2012/01/06 00:20:50 | 000,465,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JkDefrag-3.34.zip
[2011/12/29 00:21:05 | 000,398,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.db
[2011/08/07 21:28:08 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/07 21:28:08 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/25 21:57:14 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll
[2011/03/18 19:16:09 | 000,749,532 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1682526488-1801674531-500-0.dat
[2011/03/18 02:23:16 | 000,284,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/05 20:29:27 | 000,034,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/02/17 01:36:45 | 000,714,590 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/01/22 21:34:04 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/20 10:49:41 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/16 19:31:31 | 000,057,788 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/08 12:28:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 17:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2010/12/21 18:39:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/18 22:19:42 | 000,006,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
[2010/12/08 08:18:20 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/08 08:15:42 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/10/07 10:22:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/10/07 10:21:59 | 000,544,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 10:21:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/10/07 10:21:59 | 000,104,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/07 10:21:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/10/07 10:21:57 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/10/07 10:21:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/10/07 10:21:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/10/07 10:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/10/07 10:21:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/10/07 10:21:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/10/07 10:21:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/10/07 10:16:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 10:16:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/07 10:06:28 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/10/07 09:11:04 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\menu.old
[2010/10/07 08:53:28 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\menu.new
[2010/10/07 08:53:28 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\menu.bfm
[2010/10/07 08:37:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/07 08:33:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/07 03:28:45 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/07 03:27:58 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/11 20:36:32 | 003,653,120 | ---- | C] () -- C:\Program Files\SSCERuntime_x64-ENU.msi
[2010/02/11 20:36:18 | 003,164,160 | ---- | C] () -- C:\Program Files\SSCERuntime_x86-ENU.msi
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/30 08:12:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/30 08:12:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/30 08:12:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/30 08:12:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/30 08:12:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/30 08:12:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/30 08:12:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/11/20 23:17:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
[2008/11/20 23:17:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 06:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2006/03/14 12:29:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/02/01 15:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2012/01/08 11:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2011/11/14 19:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.pruvan.PruvanOffice.D20FAAC2DD0C878F730FBC057EBFAB9559258FC2.1
[2011/02/17 01:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy MP3 Recorder
[2011/11/17 13:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/03/25 14:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Harmonisoft
[2012/01/06 02:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mefeediatest
[2011/11/05 22:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2011/01/20 16:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrimoPDF
[2011/08/16 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2010/12/10 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UniPrint
[2010/12/16 23:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VTExtra
[2012/01/06 02:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\w3itemplate
[2010/12/21 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/12/22 05:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/03/17 20:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/10/19 05:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/16 16:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/08 11:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/03/25 21:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/10/06 12:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/02/01 15:32:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/16 16:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2011/11/05 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/16 16:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/08 11:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/08 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/11/05 22:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/16 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2011/08/06 03:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/16 16:34:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{078F079E-0CB1-442E-A354-2D20AD5AD538}
[2011/01/16 13:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/12 09:25:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{94F167EE-7096-4173-8F22-F4FFAB67DEAE}.job

========== Purity Check ==========



< End of report >


#2
Gammo
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
sharokc
Thank you so much for your reply. Since my original post I have not run any additional tools or fixes or anything like that. I'm listing the individual problems (symptoms) below as I recall them and hope I get them all.

when i try to shut down machine it gets stuck on the "saving your settings" screen and will stay there for hours if i don't notice it. when i do see that it's stuck i just have to hold the power button to shut it off.

When i try to install a download (for example i attempted to get the trial software from microsoft for msoffice 2010) When the download was complete I went to the download folder to install and a box opened stating that there was already an installation in progress and i should wait until it was finished....blah blah, however there actually wasn't anything else in progress

it's terribly slow to download, load videos like from netflix, and whenever i try to watch will pause for anywhere from 5 to 30 minutes with the word "loading" on the screen, and when it resumes it will only play about 30 seconds of video and goes into the pause again.

while using windows explorer anytime i right click on a selection on one of the bars like the command bar or menu bar to maybe rename something or whatever a box pops up with something about the symantec endpoint protection and to continue i have to click close on that window before actually getting the window i clicked to get in the first place. sometimes the symantec window comes up 2-3 times requiring me to click cancel before taking me to the window i was needing in the first place. (i hope that made sense)

i tried to restore the whole system using the restoration disc that came with it but it runs for about 3 or 4 minutes and the whole system just shuts down, turns completely off. when i start it up again nothing has changed and there is no explanation. it won't read other discs either, like audio or video discs.
trying to remove or uninstall something from the control panel add remove programs window won't allow it half the time.

Now i'm having trouble downloading and installing "silverlight" I had it on once but became corrupted and would no longer work with netflix so they suggested that I delete and re-install. no luck. the resulting window said that a copy of it already existed on my machine but it wasn't in any menu and didn't start auto when i clicked to watch a video.

just now an error screen appeared so i saved a prntscrn copy and have attached it to this so you could see it.

when i use a data card to transfer items from this machine to another the other machine has error msgs indicating that the disc is either corrupted or infected and if i allow it to scan it before opening it there's nothing left on it when it does open.

In the control panel there are several icons for "bluetooth device" and i don't know why cuz i only have 1 other bt device which is my nokia phone. and btw it won't connect to any bluetooth right now anyway.
There are so many random errors and ie shut downs and windows explorer shutdowns that i may just have to keep doing what i do on it until they happen again in order to get more detail to you but in any case there's not always an error code when it happens.

just one more thing before i run the otl.
I recently stopped doing a job i'd been doing for the last 4 years which required that i use several different company websites to upload collected data and photos to. most of them also required that i install their particular software to use offline as well as a few different sketching tools, a different one for each company. anyway since i stopped doing these jobs i deleted many many old photos and at least attempted to uninstall any software i no longer needed which was a huge job especially with the problems i'm having with this system. the point i'm trying to make now is that other than the personal photos in my pictures file there is nothing on this machine that i live without. and i'm trying to find a place to store them online since i can't xfer anything by card or disc. and just so you know i try to never download toolbars, hate em, or let websites change my homepage settings or anything like that. in fact other than the corporate websites i was having to download from the only other place i went to for downloads is microsoft or other reputable ones if that even makes a difference. ok well i'm sure you'll just have to see the otl and then just pick something to start with so here goes and thanks again.

otl to follow:

OTL logfile created on: 01/17/12 8:04:50 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

1023.23 Mb Total Physical Memory | 246.79 Mb Available Physical Memory | 24.12% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 1.64 Gb Free Space | 2.93% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 1.63 Gb Free Space | 88.44% Space Free | Partition Type: FAT

Computer Name: WA68A7S1J249 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
PRC - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files\Cricket Broadband Connect\mPhonetools.exe (Avanquest Software)
PRC - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\PC Internet Access\NPCIA.exe (Nokia)
PRC - C:\Program Files\Cricket Broadband Connect\Bytemobile\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Documents and Settings\Administrator\Templates\O42525Z\winlogon.exe ()
PRC - C:\WINDOWS\M13616\EmangEloh.exe ()
PRC - C:\WINDOWS\M13616\smss.exe ()
PRC - C:\Documents and Settings\Administrator\Templates\O42525Z\service.exe ()
PRC - C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
PRC - C:\Program Files\TouchFreeze\TouchFreeze.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Device.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DB.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Cricket Broadband Connect\ModemWiz.dll ()
MOD - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
MOD - C:\Program Files\Nokia\PC Internet Access\GraphicsResources.ngr ()
MOD - C:\Program Files\Nokia\PC Internet Access\TextResources_eng-us.nlr ()
MOD - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
MOD - C:\Documents and Settings\Administrator\Templates\O42525Z\winlogon.exe ()
MOD - C:\WINDOWS\M13616\EmangEloh.exe ()
MOD - C:\WINDOWS\M13616\smss.exe ()
MOD - C:\Documents and Settings\Administrator\Templates\O42525Z\service.exe ()
MOD - C:\Program Files\Cricket Broadband Connect\VObject.dll ()
MOD - C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
MOD - C:\Program Files\TouchFreeze\TouchFreeze.exe ()
MOD - C:\Program Files\TouchFreeze\TouchFreeze.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Killer Port Manager) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SwiCardDetectSvc) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (swiwdmbus) -- C:\WINDOWS\system32\drivers\swiwdmbus.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (PTUMWVsp) -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\WINDOWS\system32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCDF) -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV - (PTUMWBus) -- C:\WINDOWS\system32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (WGX) -- C:\WINDOWS\system32\drivers\WGX.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.024\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090114.024\NAVENG.SYS (Symantec Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....en&shva=1#inbox
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://sn116w.snt116...x?wa=wsignin1.0
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...007a8020000200"
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.20681
FF - prefs.js..keyword.URL: "http://search.babylo...a8020000200&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket Broadband Connect\Bytemobile\addon\ [2011/03/25 21:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 16:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 04:28:03 | 000,000,000 | ---D | M]

[2011/02/22 07:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/01/14 15:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions
[2012/01/14 15:22:07 | 000,000,000 | ---D | M] (MeFeedia) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
[2011/01/27 21:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/14 15:22:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/14 15:25:20 | 000,000,000 | ---D | M] (VideoScavenger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\1effxtbr@VideoScavenger_1e.com
[2012/01/14 15:21:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\[email protected]
[2011/02/17 01:40:53 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\searchplugins\bing-zugo.xml
[2011/05/03 21:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/08 11:01:36 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/18 14:53:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/12/18 14:53:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/10 09:24:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [T25Z162] C:\WINDOWS\sa-077400.exe ()
O4 - HKLM..\Run: [T25Z627] C:\WINDOWS\sa-77400.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe (AT&T)
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [NokiaPCInternetAccess] C:\Program Files\Nokia\PC Internet Access\NPCIA.exe (Nokia)
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [T1136400TT4] C:\WINDOWS\system32\16276867285l.exe ()
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)
O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\sql.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Search - http://tbedits.telev...EE&n=2011102822 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\..Trusted Domains: rapidsurveygroup.com ([www] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1286464238343 (WUWebControl Class)
O16 - DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} http://www.cisgroup....RapidSketch.cab (EmbeddedRapidSketch.EmbeddedSketchWithSecurityChecks)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.rapidsurv...RSG/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21C5652-4A9C-4478-B930-7179098AA9E5}: NameServer = 10.133.20.11 10.132.20.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Administrator\Templates\O42525Z\TuxO42525Z.exe") -C:\Documents and Settings\Administrator\Templates\O42525Z\TuxO42525Z.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\WINDOWS\M13616\Ja178143bLay.com") -C:\WINDOWS\M13616\Ja178143bLay.com ()
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - 16276867285l.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/07 08:35:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell - "" = AutoRun
O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\menu1\command - "" = F:\Start.exe
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell - "" = AutoRun
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{fc1b5ed8-02a6-11e0-9133-7a8020000200}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 06:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/16 08:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EVERYTHING EBAY
[2012/01/15 07:34:17 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/15 06:10:39 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/15 05:20:24 | 004,589,801 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mban.com.exe
[2012/01/14 16:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/14 15:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SEND TO JUDY
[2012/01/14 15:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EVERYTHING VECTRA
[2012/01/14 15:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EVERYTHING CIS
[2012/01/14 15:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SHARONS CRAFT STUFF
[2012/01/14 15:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\REWRITE SHORTER
[2012/01/14 15:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/01/14 15:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2012/01/14 15:42:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\M13616
[2012/01/14 15:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X40224go
[2012/01/14 15:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI
[2012/01/14 15:37:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/01/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TAXES
[2012/01/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TAKE TO K FINDLEY
[2012/01/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SHARON JOB HUNTING
[2012/01/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PRINT FOR ME
[2012/01/14 15:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\EVERYTHING CACS
[2012/01/08 11:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Nokia
[2012/01/08 11:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/08 11:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
[2012/01/08 11:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/01/06 02:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mefeediatest
[2012/01/06 02:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\mefeediatest
[2012/01/06 02:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RewardsArcadeSuite
[2012/01/06 02:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\RewardsArcadeSuite
[2012/01/06 00:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\JkDefrag-3.34
[2012/01/06 00:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/03 23:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SSSSSSSS
[2012/01/03 01:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoScavenger_1e
[2011/12/29 00:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2011/12/28 23:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
[2011/03/25 21:57:03 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe11.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 08:05:12 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1682526488-1801674531-500.job
[2012/01/17 08:05:12 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1682526488-1801674531-500.job
[2012/01/17 08:05:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{94F167EE-7096-4173-8F22-F4FFAB67DEAE}.job
[2012/01/17 07:35:27 | 000,059,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error now.pdf
[2012/01/17 07:09:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/17 06:07:37 | 000,201,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/17 06:06:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/17 06:04:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 12:24:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/16 04:26:19 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 04:17:18 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/16 03:41:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/16 03:28:20 | 000,559,516 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/16 03:28:20 | 000,110,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 08:02:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/15 06:10:39 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/15 05:20:24 | 004,589,801 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mban.com.exe
[2012/01/14 07:12:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/12 23:15:18 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/01/12 12:57:56 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2012/01/08 11:01:54 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/01/06 00:21:04 | 000,465,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JkDefrag-3.34.zip
[2012/01/01 04:41:43 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.db
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 07:35:23 | 000,059,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error now.pdf
[2012/01/12 12:57:56 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2012/01/08 11:01:53 | 000,000,237 | ---- | C] () -- C:\user.js

< End of report >

Edited by sharokc, 17 January 2012 - 08:13 AM.

#4
Gammo

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-790525478-1682526488-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=100484&babsrc=HP_ss&mntrId=a8aa7e560000000000007a8020000200"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.20681
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100484&babsrc=adbartrp&mntrId=a8aa7e560000000000007a8020000200&q="
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll ()
    [2012/01/14 15:22:07 | 000,000,000 | ---D | M] (MeFeedia) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
    [2012/01/14 15:22:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/01/14 15:25:20 | 000,000,000 | ---D | M] (VideoScavenger) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\1effxtbr@VideoScavenger_1e.com
    [2012/01/14 15:21:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\extensions\[email protected]
    [2011/02/17 01:40:53 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\searchplugins\bing-zugo.xml
    [2012/01/08 11:01:36 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
    O4 - HKLM..\Run: [T25Z162] C:\WINDOWS\sa-077400.exe ()
    O4 - HKLM..\Run: [T25Z627] C:\WINDOWS\sa-77400.exe ()
    O4 - HKU\S-1-5-21-790525478-1682526488-1801674531-500..\Run: [T1136400TT4] C:\WINDOWS\system32\16276867285l.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\sql.cmd ()
    O8 - Extra context menu item: &Search - http://tbedits.telev...EE&n=2011102822 File not found
    O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Administrator\Templates\O42525Z\TuxO42525Z.exe") -C:\Documents and Settings\Administrator\Templates\O42525Z\TuxO42525Z.exe ()
    O20 - HKLM Winlogon: UserInit - ("C:\WINDOWS\M13616\Ja178143bLay.com") -C:\WINDOWS\M13616\Ja178143bLay.com ()
    O31 - SafeBoot: AlternateShell - 16276867285l.exe
    O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{860d1122-0830-11e1-91eb-00c0a8cc50fa}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
    O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\AutoRun\command - "" = F:\Start.exe
    O33 - MountPoints2\{8f2556a4-023a-11e0-912c-0010c6ffd3ec}\Shell\menu1\command - "" = F:\Start.exe
    O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ac41ec54-c876-11e0-91c8-0010c6ffd3ec}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{fc1b5ed8-02a6-11e0-9133-7a8020000200}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O37 - HKU\S-1-5-21-790525478-1682526488-1801674531-500\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/01/14 15:42:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\M13616
    [2012/01/14 15:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X40224go
    [2012/01/14 15:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI
    [2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2012/01/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
    [2012/01/08 11:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
    [2012/01/06 02:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mefeediatest
    [2012/01/06 02:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\mefeediatest
    [2012/01/06 02:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RewardsArcadeSuite
    [2012/01/06 02:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\RewardsArcadeSuite
    [2012/01/03 01:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoScavenger_1e
    [2011/12/28 23:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
    [2011/10/29 16:38:01 | 000,035,840 | -HS- | C] () -- C:\WINDOWS\sa-77400.exe
    [2011/10/29 16:38:01 | 000,035,840 | -HS- | C] () -- C:\WINDOWS\System32\16276867285l.exe
    [2011/10/29 16:37:58 | 000,035,840 | -HS- | C] () -- C:\WINDOWS\Ti867285ta.exe
    [2011/10/29 16:37:58 | 000,035,840 | -HS- | C] () -- C:\WINDOWS\sa-077400.exe
    [2011/10/29 16:37:58 | 000,035,840 | -HS- | C] () -- C:\WINDOWS\System32\016276867285l.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image file Execution Options\msconfig.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image file Execution Options\regedit.exe]
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Administrator\Templates\O42525Z
    C:\WINDOWS\M13616
    C:\Program Files\FunWebProducts
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#5
sharokc

while running otl the following popped up in a box:

x40224go is a windows system folder and is required for windows to run properly. it cannot be moved or renamed.

I clicked ok and it continued and finished.

during the combofix a box popped up saying that there was no "restore console" asking to download.
i reconnected to the internet and clicked ok to go online and locate and install.
i watched as it downloaded and completed all the stages.
when finished i clicked ok and combofix resumed and finished opening the txt doc and it is below.
since it finished and rebooted the only thing i have done is connect, come here, and post this so how my computer is running now seems ok but will have to continue using to be able to give you accurate info.




ComboFix 12-01-18.04 - Administrator 01/18/12 11:13:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
----- File Replicators -----
.
c:\documents and settings\Administrator\My Documents\My Videos\RealPlayer Downloads\TutoriaL HAcking .exe
c:\documents and settings\Administrator\Templates\O42525Z\service.exe
c:\documents and settings\Administrator\Templates\O42525Z\TuxO42525Z.exe
c:\documents and settings\Administrator\Templates\O42525Z\winlogon.exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\Blink 182 .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\RaHasIA .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\AVG10\IDS\download\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\AVG10\update(2)\download(2)\Blink 182 .exe
c:\documents and settings\All Users\Application Data\AVG10\update(2)\download(2)\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\AVG10\update(2)\download(2)\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\AVG10\update(2)\download(2)\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\AVG10\update\download\Blink 182 .exe
c:\documents and settings\All Users\Application Data\AVG10\update\download\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\AVG10\update\download\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\AVG10\update\download\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\AVG10\update\download\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\Blink 182 .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\RaHasIA .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\Blink 182 .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\RaHasIA .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\Blink 182 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\RaHasIA .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\Symantec Shared\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\Blink 182 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\RaHasIA .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Common\SYMSHARE\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\Blink 182 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\Data DosenKu .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\New mp3 BaraT !! .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\RaHasIA .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Redist\SYMSHARE\TutoriaL HAcking .exe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Blink 182 .exe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Norman virus Control 5.18 .exe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\RaHasIA .exe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Titip Folder Jangan DiHapus .exe
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\TutoriaL HAcking .exe
c:\program files\BearShare Applications\Data DosenKu .exe
c:\program files\BearShare Applications\New mp3 BaraT !! .exe
c:\program files\BearShare Applications\RaHasIA .exe
c:\program files\BearShare Applications\TutoriaL HAcking .exe
c:\program files\Common Files\Avanquest software Shared\Blink 182 .exe
c:\program files\Common Files\Avanquest software Shared\Data DosenKu .exe
c:\program files\Common Files\Avanquest software Shared\Norman virus Control 5.18 .exe
c:\program files\Common Files\Avanquest software Shared\RaHasIA .exe
c:\program files\Common Files\Avanquest software Shared\Titip Folder Jangan DiHapus .exe
c:\program files\Common Files\Avanquest software Shared\TutoriaL HAcking .exe
c:\program files\Common Files\Microsoft Shared\Data DosenKu .exe
c:\program files\Common Files\Microsoft Shared\New mp3 BaraT !! .exe
c:\program files\Common Files\Microsoft Shared\Norman virus Control 5.18 .exe
c:\program files\Common Files\Microsoft Shared\RaHasIA .exe
c:\program files\Common Files\Microsoft Shared\Titip Folder Jangan DiHapus .exe
c:\program files\Common Files\Microsoft Shared\TutoriaL HAcking .exe
c:\program files\Common Files\Symantec Shared\Blink 182 .exe
c:\program files\Common Files\Symantec Shared\Data DosenKu .exe
c:\program files\Common Files\Symantec Shared\New mp3 BaraT !! .exe
c:\program files\Common Files\Symantec Shared\Norman virus Control 5.18 .exe
c:\program files\Common Files\Symantec Shared\RaHasIA .exe
c:\program files\Common Files\Symantec Shared\Titip Folder Jangan DiHapus .exe
c:\program files\Common Files\Symantec Shared\TutoriaL HAcking .exe
c:\program files\Common Files\xing shared\Blink 182 .exe
c:\program files\Common Files\xing shared\Data DosenKu .exe
c:\program files\Common Files\xing shared\New mp3 BaraT !! .exe
c:\program files\Common Files\xing shared\Norman virus Control 5.18 .exe
c:\program files\Common Files\xing shared\RaHasIA .exe
c:\program files\Common Files\xing shared\Titip Folder Jangan DiHapus .exe
c:\program files\Common Files\xing shared\TutoriaL HAcking .exe
c:\program files\ezt\Downloads\Blink 182 .exe
c:\program files\ezt\Downloads\Data DosenKu .exe
c:\program files\ezt\Downloads\New mp3 BaraT !! .exe
c:\program files\ezt\Downloads\Norman virus Control 5.18 .exe
c:\program files\ezt\Downloads\RaHasIA .exe
c:\program files\ezt\Downloads\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\da.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\de.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\en.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\en_GB.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\es.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\fi.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\fr.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\it.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\ja.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\ko.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\nb.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\nl.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\nl.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\nl.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\nl.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\nl.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\pl.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\pl.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\pl.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\pl.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\pl.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\pt.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\ru.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\sv.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\Blink 182 .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\Data DosenKu .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\New mp3 BaraT !! .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\Norman virus Control 5.18 .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\RaHasIA .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\Titip Folder Jangan DiHapus .exe
c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\DownloadsPlacard.nib\TutoriaL HAcking .exe
c:\program files\Movie Maker\Shared\Blink 182 .exe
c:\program files\Movie Maker\Shared\Data DosenKu .exe
c:\program files\Movie Maker\Shared\Norman virus Control 5.18 .exe
c:\program files\Movie Maker\Shared\RaHasIA .exe
c:\program files\Movie Maker\Shared\Titip Folder Jangan DiHapus .exe
c:\program files\Movie Maker\Shared\TutoriaL HAcking .exe
c:\qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Data DosenKu .exe
c:\qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\RaHasIA .exe
c:\qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Titip Folder Jangan DiHapus .exe
c:\windows\Downloaded Program Files\Blink 182 .exe
c:\windows\Downloaded Program Files\Data DosenKu .exe
c:\windows\Downloaded Program Files\New mp3 BaraT !! .exe
c:\windows\Downloaded Program Files\Norman virus Control 5.18 .exe
c:\windows\Downloaded Program Files\RaHasIA .exe
c:\windows\Downloaded Program Files\Titip Folder Jangan DiHapus .exe
c:\windows\Downloaded Program Files\TutoriaL HAcking .exe
c:\windows\ime\shared\Blink 182 .exe
c:\windows\ime\shared\Data DosenKu .exe
c:\windows\ime\shared\New mp3 BaraT !! .exe
c:\windows\ime\shared\Norman virus Control 5.18 .exe
c:\windows\ime\shared\RaHasIA .exe
c:\windows\ime\shared\Titip Folder Jangan DiHapus .exe
c:\windows\ime\shared\TutoriaL HAcking .exe
c:\windows\M13616\EmangEloh.exe
c:\windows\M13616\smss.exe
c:\windows\pchealth\UploadLB\Blink 182 .exe
c:\windows\pchealth\UploadLB\Data DosenKu .exe
c:\windows\pchealth\UploadLB\New mp3 BaraT !! .exe
c:\windows\pchealth\UploadLB\Norman virus Control 5.18 .exe
c:\windows\pchealth\UploadLB\RaHasIA .exe
c:\windows\pchealth\UploadLB\Titip Folder Jangan DiHapus .exe
c:\windows\sa-77400.exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\Blink 182 .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\Data DosenKu .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\New mp3 BaraT !! .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\Norman virus Control 5.18 .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\RaHasIA .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\Titip Folder Jangan DiHapus .exe
c:\windows\SoftwareDistribution\AuthCabs\Downloaded\TutoriaL HAcking .exe
c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\download\Titip Folder Jangan DiHapus .exe
c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\download\TutoriaL HAcking .exe
c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\download\New mp3 BaraT !! .exe
c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\download\Norman virus Control 5.18 .exe
c:\windows\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\download\RaHasIA .exe
c:\windows\SoftwareDistribution\Download\59b90d72a25c8fb81ab5ce06472f5082\download\Blink 182 .exe
c:\windows\SoftwareDistribution\Download\59b90d72a25c8fb81ab5ce06472f5082\download\Data DosenKu .exe
c:\windows\SoftwareDistribution\Download\59b90d72a25c8fb81ab5ce06472f5082\download\Norman virus Control 5.18 .exe
c:\windows\SoftwareDistribution\Download\85d26475ceaed09eb8326f5d66f84c6c\download\Data DosenKu .exe
c:\windows\SoftwareDistribution\Download\85d26475ceaed09eb8326f5d66f84c6c\download\New mp3 BaraT !! .exe
c:\windows\SoftwareDistribution\Download\85d26475ceaed09eb8326f5d66f84c6c\download\RaHasIA .exe
c:\windows\SoftwareDistribution\Download\85d26475ceaed09eb8326f5d66f84c6c\download\TutoriaL HAcking .exe
c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\download\Blink 182 .exe
c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\download\Norman virus Control 5.18 .exe
c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\download\RaHasIA .exe
c:\windows\SoftwareDistribution\Download\Blink 182 .exe
c:\windows\SoftwareDistribution\Download\Data DosenKu .exe
c:\windows\SoftwareDistribution\Download\dc679cd47b4fc0ba518ddf01400df59a\download\RaHasIA .exe
c:\windows\SoftwareDistribution\Download\dc679cd47b4fc0ba518ddf01400df59a\download\Titip Folder Jangan DiHapus .exe
c:\windows\SoftwareDistribution\Download\New mp3 BaraT !! .exe
c:\windows\SoftwareDistribution\Download\Norman virus Control 5.18 .exe
c:\windows\SoftwareDistribution\Download\RaHasIA .exe
c:\windows\SoftwareDistribution\Download\Titip Folder Jangan DiHapus .exe
c:\windows\SoftwareDistribution\Download\TutoriaL HAcking .exe
c:\windows\system32\16276867285l.exe
c:\windows\Ti867285ta.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 16:54 . 2012-01-18 17:17 -------- d-sh--r- c:\windows\M13616
2012-01-15 13:34 . 2012-01-15 14:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 22:06 . 2012-01-14 22:06 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-14 21:43 . 2012-01-14 21:43 -------- d-----w- c:\program files\DIFX
2012-01-14 21:43 . 2012-01-14 21:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2012-01-14 21:42 . 2012-01-18 17:18 -------- d-----w- c:\windows\system32\X40224go
2012-01-14 21:37 . 2012-01-14 21:37 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-01-08 17:43 . 2012-01-08 17:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
2012-01-08 17:38 . 2012-01-08 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2012-01-08 17:01 . 2012-01-08 17:01 237 ----a-w- C:\user.js
2012-01-03 07:53 . 2012-01-18 16:44 -------- d-----w- c:\program files\VideoScavenger_1e
2011-12-29 06:42 . 2012-01-14 21:53 -------- d-----w- c:\program files\eMule
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-10-07 16:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-10-07 16:22 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:25 . 2010-10-07 16:22 1859584 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-11-18 12:35 . 2010-10-07 16:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-10-07 16:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-10-07 16:22 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-10-07 16:22 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-10-07 16:22 916992 ----a-w- c:\windows\system32\wininet(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:22 1212416 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:22 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-10-07 16:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-03-08 09:32 2000384 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2011-11-04 19:20 . 2009-03-08 09:39 11081728 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2011-11-04 11:23 . 2010-10-07 16:21 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2010-10-07 16:22 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-10-07 16:22 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2010-10-07 16:21 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 16:07 . 2010-10-07 16:21 1288704 ----a-w- c:\windows\system32\ole32(2)(2).dll
2011-10-29 02:26 . 2011-10-29 02:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-28 05:31 . 2010-10-07 16:21 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 05:31 . 2010-10-07 16:21 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2011-10-25 13:33 . 2010-10-07 16:21 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 02:36 . 2010-02-12 02:36 3653120 ----a-w- c:\program files\SSCERuntime_x64-ENU.msi
2010-02-12 02:36 . 2010-02-12 02:36 3164160 ----a-w- c:\program files\SSCERuntime_x86-ENU.msi
2008-04-13 23:30 35840 --sh--w- c:\windows\M13616\Ja178143bLay.com
2009-09-23 17:21 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-11-25 15:49 2463048 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]
"TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"attcm.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm.exe" [2010-09-24 269520]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-09-17 663552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-02 115560]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 88365]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-01 274608]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2010-09-24 203776]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [09/13/10 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [09/07/10 3:48 AM 26064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/10 1:19 PM 299984]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [09/13/10 12:57 PM 230768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [08/03/10 3:23 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [08/03/10 3:23 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [08/03/10 3:23 PM 26192]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [03/25/11 9:57 PM 54544]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [03/25/11 9:57 PM 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [03/25/11 9:57 PM 160400]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/08/10 4:12 AM 251728]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [01/06/11 3:23 PM 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/10 1:16 PM 130384]
S2 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe --> c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11/25/10 9:49 AM 517448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/15/12 7:34 AM 40776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [10/07/10 10:22 AM 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 9:37 PM 4640000]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [03/25/11 9:57 PM 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [03/25/11 9:57 PM 12048]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [03/25/11 9:57 PM 115216]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [08/16/11 8:15 PM 78720]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [08/16/11 8:15 PM 201088]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [08/16/11 8:15 PM 156544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/10 1:16 PM 753504]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/22/10 4:58 AM 265400]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1682526488-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-01-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1682526488-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{94F167EE-7096-4173-8F22-F4FFAB67DEAE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google....en&shva=1#inbox
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: rapidsurveygroup.com\www
TCP: Interfaces\{F21C5652-4A9C-4478-B930-7179098AA9E5}: NameServer = 10.133.20.11 10.132.20.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} - hxxp://www.cisgroup.net/Navigator/forms/sketch/eRapidSketch.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: extensions.BabylonToolbar_i.id - a8aa7e560000000000007a8020000200
FF - user.js: extensions.BabylonToolbar_i.hardId - a8aa7e560000000000007a8020000200
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100484
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-T1136400TT4 - c:\windows\system32\16276867285l.exe
HKLM-Run-T25Z627 - c:\windows\sa-77400.exe
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 11:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1682526488-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,12,4e,00,29,33,18,45,9f,7b,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,86,d0,76,af,7a,a6,43,bd,b5,57,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,12,4e,00,29,33,18,45,9f,7b,c2,\
.
Completion time: 2012-01-18 11:21:26
ComboFix-quarantined-files.txt 2012-01-18 17:21
ComboFix2.txt 2011-03-10 15:26
.
Pre-Run: 1,993,420,800 bytes free
Post-Run: 1,951,514,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5F230F168FE68EFDCF05DF6CF938FA66

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\windows\M13616
c:\windows\system32\X40224go
c:\program files\VideoScavenger_1e
c:\Program Files\iMesh Applications

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: extensions.BabylonToolbar_i.id - a8aa7e560000000000007a8020000200
FF - user.js: extensions.BabylonToolbar_i.hardId - a8aa7e560000000000007a8020000200
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100484
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#7
sharokc

    Member

  • Topic Starter
  • 72 posts
i thought i closed/disabled both avg and symantec endpoint protection but during the cf procedure i got the warning. checked both and indicated that all were off. before clicking ok went to control panel computer mgmnt and services and disabled anything pertaining to either. clicked ok to resume combofix but got the other warning about continuing at my own risk. clicked ok. below is the log file. thanks



ComboFix 12-01-18.04 - Administrator 01/18/12 12:36:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.556 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec Endpoint Protection *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iMesh Applications
c:\program files\iMesh Applications\iMesh\ammp3.dll
c:\program files\iMesh Applications\iMesh\avcodec-51.dll
c:\program files\iMesh Applications\iMesh\avformat-51.dll
c:\program files\iMesh Applications\iMesh\avutil-49.dll
c:\program files\iMesh Applications\iMesh\BerkeleyLoader.dll
c:\program files\iMesh Applications\iMesh\Copy_Folder.bat
c:\program files\iMesh Applications\iMesh\DiscoveryHelper.dll
c:\program files\iMesh Applications\iMesh\FixAudioDriverSignature.reg
c:\program files\iMesh Applications\iMesh\GIFAnimator.dll
c:\program files\iMesh Applications\iMesh\htmlayout.dll
c:\program files\iMesh Applications\iMesh\iMesh.exe
c:\program files\iMesh Applications\iMesh\iMesh.ico
c:\program files\iMesh Applications\iMesh\IMTrProgress.dll
c:\program files\iMesh Applications\iMesh\IMWebControl.dll
c:\program files\iMesh Applications\iMesh\Launcher.exe
c:\program files\iMesh Applications\iMesh\libungif4.dll
c:\program files\iMesh Applications\iMesh\lic_helper.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCDGrabber2.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCDWriter2.dll
c:\program files\iMesh Applications\iMesh\NCTAudioCompress3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFile3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFileWMA3.dll
c:\program files\iMesh Applications\iMesh\NCTAudioFormatSettings3.dll
c:\program files\iMesh Applications\iMesh\NCTDataCDWriter2.dll
c:\program files\iMesh Applications\iMesh\Nickel.ocx
c:\program files\iMesh Applications\iMesh\ResourcesLoc.dll
c:\program files\iMesh Applications\iMesh\SHW32.DLL
c:\program files\iMesh Applications\iMesh\Skins\RemoteSkin.wmz
c:\program files\iMesh Applications\iMesh\Smiley.ico
c:\program files\iMesh Applications\iMesh\UninstallUsers.exe
c:\program files\iMesh Applications\iMesh\UpdateInst.exe
c:\program files\iMesh Applications\iMesh\WMAProfiles.prx
c:\program files\iMesh Applications\iMesh\WMHelper.dll
c:\program files\VideoScavenger_1e
c:\program files\VideoScavenger_1e\bar\1.bin\chrome\1effxtbr.jar
c:\program files\VideoScavenger_1e\bar\1.bin\INSTALL.RDF
c:\program files\VideoScavenger_1e\bar\1.bin\installKeys.js
c:\program files\VideoScavenger_1e\bar\1.bin\LOGO.BMP
c:\program files\VideoScavenger_1e\bar\Cache\0165F312.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD44F0
c:\program files\VideoScavenger_1e\bar\Cache\04DD7B91
c:\program files\VideoScavenger_1e\bar\Cache\04DD7D17.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD7E8E.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD8015.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD8D92.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD8F76.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD912C.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD968B.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD97C3.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD993A.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD9A73.bmp
c:\program files\VideoScavenger_1e\bar\Cache\04DD9B1F.jhtml
c:\program files\VideoScavenger_1e\bar\Cache\04DDB752
c:\program files\VideoScavenger_1e\bar\Cache\04DDCAF9.bmp
c:\program files\VideoScavenger_1e\bar\gen1\COMMON.T8S
c:\program files\VideoScavenger_1e\bar\History\search3
c:\program files\VideoScavenger_1e\bar\IE9Mesg\COMMON.T8S
c:\program files\VideoScavenger_1e\bar\Message\COMMON.T8S
c:\program files\VideoScavenger_1e\bar\Message\COMMON\8_step1.gif
c:\program files\VideoScavenger_1e\bar\Message\COMMON\anemone.js
c:\program files\VideoScavenger_1e\bar\Message\COMMON\bd_grad.gif
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpguard.js
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpguard1.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpguard2.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpp_ok.png
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpp_x.png
c:\program files\VideoScavenger_1e\bar\Message\COMMON\hpp_x2.png
c:\program files\VideoScavenger_1e\bar\Message\COMMON\index.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\mid_dots.gif
c:\program files\VideoScavenger_1e\bar\Message\COMMON\mws_logo.gif
c:\program files\VideoScavenger_1e\bar\Message\COMMON\protect.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\rebut4b.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\shield.png
c:\program files\VideoScavenger_1e\bar\Message\COMMON\stop.gif
c:\program files\VideoScavenger_1e\bar\Message\COMMON\systrayp.htm
c:\program files\VideoScavenger_1e\bar\Message\COMMON\tp_grad.gif
c:\program files\VideoScavenger_1e\bar\Settings\prevcfg2.htm
c:\program files\VideoScavenger_1e\bar\Settings\s_pid.dat
c:\program files\VideoScavenger_1e\bar\Settings\s_w1.dat
c:\program files\VideoScavenger_1e\bar\Settings\s_w1.dat.bak
c:\program files\VideoScavenger_1e\bar\Settings\s_w2.dat
c:\program files\VideoScavenger_1e\bar\Settings\s_w2.dat.bak
c:\program files\VideoScavenger_1e\bar\Settings\setting3.htm
c:\program files\VideoScavenger_1e\bar\Settings\setting3.htm.bak
C:\RECYCLER(3)
c:\recycler(3)\S-1-5-21-790525478-1682526488-1801674531-500(2)\INFO2
c:\windows\M13616
c:\windows\M13616\Ja178143bLay.com
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-15 13:34 . 2012-01-15 14:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-14 22:06 . 2012-01-14 22:06 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-14 21:43 . 2012-01-14 21:43 -------- d-----w- c:\program files\DIFX
2012-01-14 21:43 . 2012-01-14 21:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2012-01-14 21:42 . 2012-01-18 17:18 -------- d-----w- c:\windows\system32\X40224go
2012-01-14 21:37 . 2012-01-14 21:37 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-01-08 17:43 . 2012-01-08 17:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
2012-01-08 17:38 . 2012-01-08 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2012-01-08 17:01 . 2012-01-08 17:01 237 ----a-w- C:\user.js
2011-12-29 06:42 . 2012-01-14 21:53 -------- d-----w- c:\program files\eMule
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-10-07 16:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-10-07 16:22 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:25 . 2010-10-07 16:22 1859584 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-11-18 12:35 . 2010-10-07 16:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-10-07 16:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-10-07 16:22 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-10-07 16:22 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-10-07 16:22 916992 ----a-w- c:\windows\system32\wininet(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:22 1212416 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:22 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2011-11-04 19:20 . 2010-10-07 16:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-10-07 16:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-03-08 09:32 2000384 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2011-11-04 19:20 . 2009-03-08 09:39 11081728 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2011-11-04 11:23 . 2010-10-07 16:21 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2010-10-07 16:22 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-10-07 16:22 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2010-10-07 16:21 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 16:07 . 2010-10-07 16:21 1288704 ----a-w- c:\windows\system32\ole32(2)(2).dll
2011-10-29 02:26 . 2011-10-29 02:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-28 05:31 . 2010-10-07 16:21 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 05:31 . 2010-10-07 16:21 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2011-10-25 13:33 . 2010-10-07 16:21 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 02:36 . 2010-02-12 02:36 3653120 ----a-w- c:\program files\SSCERuntime_x64-ENU.msi
2010-02-12 02:36 . 2010-02-12 02:36 3164160 ----a-w- c:\program files\SSCERuntime_x86-ENU.msi
2009-09-23 17:21 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-11-25 15:49 2463048 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]
"TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"attcm.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm.exe" [2010-09-24 269520]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-09-17 663552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-02 115560]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 88365]
"UniPrint"="c:\program files\UniPrint\Client\SetDfltSettings.exe" [2010-07-06 191920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-01 274608]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2010-09-24 203776]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [09/13/10 3:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [09/07/10 3:48 AM 26064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/10 1:19 PM 299984]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [09/13/10 12:57 PM 230768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [08/03/10 3:23 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [08/03/10 3:23 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [08/03/10 3:23 PM 26192]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [03/25/11 9:57 PM 54544]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [03/25/11 9:57 PM 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [03/25/11 9:57 PM 160400]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/08/10 4:12 AM 251728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [03/18/10 1:16 PM 130384]
S2 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe --> c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/15/12 7:34 AM 40776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [10/07/10 10:22 AM 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 9:37 PM 4640000]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [03/25/11 9:57 PM 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [03/25/11 9:57 PM 12048]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [03/25/11 9:57 PM 115216]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [08/16/11 8:15 PM 78720]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [08/16/11 8:15 PM 201088]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [08/16/11 8:15 PM 156544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [03/18/10 1:16 PM 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11/25/10 9:49 AM 517448]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [01/06/11 3:23 PM 6128720]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/22/10 4:58 AM 265400]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALERTER
*NewlyCreated* - AVG_SECURITY_TOOLBAR_SERVICE
*NewlyCreated* - MESSENGER
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1682526488-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-01-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1682526488-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{94F167EE-7096-4173-8F22-F4FFAB67DEAE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google....en&shva=1#inbox
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: google.com\mail
Trusted Zone: rapidsurveygroup.com\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} - hxxp://www.cisgroup.net/Navigator/forms/sketch/eRapidSketch.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4v54krdl.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1682526488-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
Completion time: 2012-01-18 12:45:05
ComboFix-quarantined-files.txt 2012-01-18 18:45
ComboFix2.txt 2012-01-18 17:21
ComboFix3.txt 2011-03-10 15:26
.
Pre-Run: 1,961,844,736 bytes free
Post-Run: 1,909,678,080 bytes free
.
- - End Of File - - C3A716556694FA307D6A528B831DBCD6

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
c:\windows\system32\X40224go

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates are downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#9
sharokc

    Member

  • Topic Starter
  • Member
  • 72 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\system32\X40224go" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10
sharokc

    Member

  • Topic Starter
  • Member
  • 72 posts
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: WA68A7S1J249 [administrator]

Protection: Disabled

01/21/12 6:36:45 PM
mbam-log-2012-01-21 (18-36-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169807
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 22
C:\Documents and Settings\Administrator\Application Data\Skype\shared_dynco\Gallery .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_dynco\Lagu - Server .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_dynco\Love Song .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_dynco\THe Best Ungu .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_dynco\Windows Vista setup .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_httpfe\THe Best Ungu .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_httpfe\Windows Vista setup .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_httpfe\Gallery .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_httpfe\Lagu - Server .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Skype\shared_httpfe\Love Song .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\THe Best Ungu .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\Gallery .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\Lagu - Server .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\Love Song .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\eMuleSetup(1).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\eMuleSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\Gallery .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\Lagu - Server .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\Love Song .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\THe Best Ungu .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\Windows Vista setup .scr (Worm.Moonlight.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)



2012/01/21 18:52:19 -0600 WA68A7S1J249 Administrator MESSAGE Starting protection
2012/01/21 18:52:33 -0600 WA68A7S1J249 Administrator MESSAGE Protection started successfully
2012/01/21 18:52:36 -0600 WA68A7S1J249 Administrator MESSAGE Starting IP protection
2012/01/21 18:52:43 -0600 WA68A7S1J249 Administrator MESSAGE IP Protection started successfully
2012/01/21 18:56:44 -0600 WA68A7S1J249 Administrator MESSAGE Executing scheduled update: Daily
2012/01/21 18:57:02 -0600 WA68A7S1J249 Administrator MESSAGE Scheduled update executed successfully: database updated from version v2012.01.21.02 to version v2012.01.22.01
2012/01/21 18:57:02 -0600 WA68A7S1J249 Administrator MESSAGE Starting database refresh
2012/01/21 18:57:02 -0600 WA68A7S1J249 Administrator MESSAGE Stopping IP protection
2012/01/21 18:57:03 -0600 WA68A7S1J249 Administrator MESSAGE IP Protection stopped
2012/01/21 18:57:08 -0600 WA68A7S1J249 Administrator MESSAGE Database refreshed successfully
2012/01/21 18:57:08 -0600 WA68A7S1J249 Administrator MESSAGE Starting IP protection
2012/01/21 18:57:12 -0600 WA68A7S1J249 Administrator MESSAGE IP Protection started successfully

#11
sharokc

    Member

  • Topic Starter
  • Member
  • 72 posts
the eset window won't give me the start button after checking the accept box

#12
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Just leave the ESET online scanner then. Instead I'd like you to perform a full scan with Malwarebytes Anti-Malware.

Run Malwarebytes Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates are downloaded, click the "Scanner" tab, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#13
sharokc

    Member

  • Topic Starter
  • Member
  • 72 posts
the other txt file too large to attach. am trying to add it in sections. mbam had over 4000 items to remove and said all were removed successfully.

#14
sharokc

    Member

  • Topic Starter
  • Member
  • 72 posts
AFTER ATTEMPTING TO SEPARATE THE TXT FILE INTO SECTIONS I CREATED 6 TXT DOCS AND STILL EACH WAS TOO LARGE TO UPLOAD. THIS ATTACHED FILE HAS THE BEGINNING LINES AND THE ENDING LINES WITH SOME 4000 LINES IN BETWEEN DELETED. I STILL HAVE THE ORIGINAL DOC IF THERE IS INFO CONTAINED IN IT THAT YOU NEED WILL ATTEMPT TO CREATE MORE SEPARATE DOCS AND GET IT ALL UPLOADED.

#15
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool: