Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


StartNow Virus on Home Computer



Post by ARecentStudy » December 29th, 2011, 1:25 am

I just came home for break to find the StartNow Virus installed on our computer. I noticed it when there were random words underlined for "text-enhance" ads. I went to the Control Panel to look at my programs and found Shop To Win and StartNow Toolbar. I tried to uninstall both. The uninstall said Shop To Win still has elements on my computer, but trying to uninstall StartNow led to a warning from a process blocker saying that the StartNow uninstaller was a trojan. I downloaded Malwarebytes Anti-Malware and had it perform a quick scan. It got rid of some .Zugo files, not sure what those were, and some setup files, but StartNow is still on here.
I also have reason to believe that this is affecting all of the Windows accounts on this computer, not just mine.

Any help you could give would be excellent! I'm very grateful that this forum exists and I really appreciate what you're doing here.

Here is the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Elena at 0:06:59 on 2011-12-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1221 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\lxbtcoms.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5e0250ca000000000000001aef1a10b5&tlver=1.4.19.19&affID=18606
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [lxbtmon.exe] "c:\program files\lexmark 5200 series\lxbtmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5200 series\ezprint.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ReminderApp] c:\program files\nova development\greeting card factory workshop 8.0\ReminderApp.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\elena\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\elena\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\elena\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\driver~1.lnk - c:\users\parker\appdata\local\microsoft\windows\temporary internet files\content.ie5\89uh3iej\DriverPerformer_V15[1].exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mp3roc~1.lnk - c:\program files\mp3 rocket\MP3Rocket.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{181677FF-91FA-40AF-BF5B-EE0245E82A24} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\elena\appdata\roaming\mozilla\firefox\profiles\iux5djsl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\0.80.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.0\npesnsonar.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-14 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-7 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-7 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-8 232512]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-26 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-7 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-7 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-4 44768]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-28 652872]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.7\ccSvcHst.exe [2011-8-8 130000]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-8-9 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-8-9 416112]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-26 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-26 263680]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-28 20464]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-7-13 9216]
R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2011-5-17 368128]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-8-9 16240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2011-5-12 904192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-7 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-22 1343400]
.
=============== Created Last 30 ================
.
2011-12-29 04:33:44 -------- d-----w- c:\users\elena\appdata\roaming\Malwarebytes
2011-12-29 04:33:39 -------- d-----w- c:\programdata\Malwarebytes
2011-12-29 04:33:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 04:33:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 18:37:27 -------- d-----w- c:\users\elena\appdata\local\Apple Computer
2011-12-27 11:41:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62f8e148-d700-4473-8829-6d833108227c}\offreg.dll
2011-12-27 11:41:03 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62f8e148-d700-4473-8829-6d833108227c}\mpengine.dll
2011-12-27 01:48:02 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-12-27 01:48:02 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-27 01:48:01 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-12-27 01:48:01 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-12-27 01:48:01 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-27 01:46:57 294912 ----a-w- c:\windows\system32\ATIODE.exe
2011-12-27 01:46:57 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-12-27 01:46:49 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-12-27 01:46:49 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-12-27 01:46:45 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-12-27 01:46:44 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-26 22:21:53 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-26 22:21:53 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-26 22:21:53 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-26 22:21:53 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-26 13:04:02 -------- d-----w- c:\program files\CrossriderWebApps
2011-12-26 13:03:53 -------- d-----w- c:\programdata\CodecCheck
2011-12-26 13:03:52 -------- d-----w- C:\codec-info
2011-12-26 13:03:23 -------- d-----w- c:\program files\BFlixToolbar
2011-12-25 14:39:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-25 14:39:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-25 14:39:09 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-25 14:39:09 -------- d-----w- c:\program files\iPod
2011-12-25 14:39:08 -------- d-----w- c:\program files\iTunes
2011-12-22 11:33:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-20 03:40:20 -------- d-----w- c:\programdata\CELSYS
2011-12-20 03:40:18 -------- d-----w- c:\users\elena\appdata\roaming\Smith Micro
2011-12-20 03:38:56 -------- d-----w- c:\program files\Smith Micro
2011-12-20 03:38:49 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-20 03:13:51 -------- d-----w- c:\program files\common files\Alias Shared
2011-12-20 03:08:29 -------- d-----w- c:\program files\common files\en-US
2011-12-20 03:08:28 -------- d-----w- c:\program files\common files\ja-JP
2011-12-20 03:08:24 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-12-20 03:05:51 -------- d-----w- c:\program files\Autodesk
2011-12-20 03:02:38 -------- d-----w- c:\users\elena\appdata\roaming\Autodesk
2011-12-20 03:00:33 -------- d-----w- C:\Autodesk
2011-12-14 20:02:00 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:01:56 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:01:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:01:53 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 20:01:52 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-12 13:04:27 -------- d-----w- c:\program files\Ask.com
2011-12-07 23:09:49 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-06 01:18:31 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-12-06 01:18:13 -------- d-----w- c:\program files\common files\xing shared
2011-12-06 01:18:07 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-12-06 01:18:00 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-11-29 11:25:40 4380832 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-12-27 01:48:01 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-12-08 19:53:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-06 01:17:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-06 01:17:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-22 22:31:01 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-22 22:31:01 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-22 22:26:56 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-22 22:26:39 189480 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:22:37 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-17 11:59:07 3081376 ----a-w- c:\program files\install_flash_player.exe
2009-11-20 02:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 02:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
.
============= FINISH: 0:09:01.28 ===============


And Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2011 10:07:18 AM
System Uptime: 12/29/2011 12:00:18 AM (0 hours ago)
.
Motherboard: BIOSTAR Group | | H61MU3
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | SOCKET 0 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 4.411 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_230A1565&REV_06\7A010000684CE00000
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_230A1565&REV_06\7A010000684CE00000
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_05AC&PID_1301\000A270010DE52D8
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_05AC&PID_1301\000A270010DE52D8
Service: USBSTOR
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1040&SUBSYS_63001565&REV_00\4&16E9D352&0&00E1
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1040&SUBSYS_63001565&REV_00\4&16E9D352&0&00E1
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_31081565&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_31081565&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alien Swarm
AMD Catalyst Install Manager
America's Army 3
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ASUS VGA Driver
Atheros Wireless LAN Card
ATI AVIVO Codecs
Autodesk Backburner 2011.0.0
Autodesk DirectConnect 2010 R1
Autodesk MatchMover 2011 32-bit
Autodesk Maya 2011 32-bit
Autodesk Maya 2011 English Documentation 32-bit
avast! Free Antivirus
Bamboo
Battlefield 3™ Open Beta
Battlelog Web Plugins
BitTorrent
Bonjour
Brink
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help English
Combat Arms
Composite 2011
Counter-Strike
Counter-Strike 1.6
Counter-Strike: Source
Counter-Strike: Source Beta
Coupon Printer for Windows
Crimecraft: BLEEDOUT
Crimson Editor SVN286
Crossrider Web Apps
DAEMON Tools Lite
Day of Defeat
Deathmatch Classic
Dino D-Day
Dropbox
ESN Sonar
EverQuest II
Fallout: New Vegas
Free PDF Tablet 0.1
Garry's Mod
Global Agenda
GOM Player
Google Chrome
Google Update Helper
Greeting Card Factory Workshop 8.0
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Half-Life(R) 2
Half-Life: Blue Shift
Half-Life: Counter-Strike
Half-Life: Opposing Force
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Deskjet 3050A J611 series Product Improvement Study
HP Photo Creations
HP Update
iLivid
Insurgency
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Lexmark 5200 Series
LIMBO Demo
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.60.0.1800
Manga Studio EX 4.0
MapleStory
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0 (x86 en-US)
Nexon Game Manager
Norton Safe Web Lite
Norton Security Scan
NVIDIA PhysX
OpenAL
OpenOffice.org 3.3
Paint.NET v3.5.8
Pando Media Booster
PDF Settings
Portal
Portal 2
PunkBuster Services
Quake 3 Fortress
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
Ralink RT6x Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Ricochet
S.T.A.L.K.E.R.: Shadow of Chernobyl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Click to Call
Skype™ 5.5
Spiral Knights
StartNow Toolbar
Steam
Subsonic
swMSM
Team Fortress 2
Team Fortress 2 Beta
Team Fortress Classic
The Elder Scrolls V: Skyrim
Unity
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.9
War Inc Battlezone version 1.0.0
War Inc. Battlezone
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/29/2011 12:00:47 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
12/28/2011 7:37:54 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/28/2011 6:27:48 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/27/2011 7:56:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
12/26/2011 8:52:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x85d8f140, 0x94d904da, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122611-78967-01.
12/26/2011 8:51:51 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
12/25/2011 9:54:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
12/24/2011 9:27:07 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 6:33:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
12/22/2011 6:33:31 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2011 6:33:30 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » December 30th, 2011, 3:25 pm

checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby deltalima » December 30th, 2011, 3:29 pm

Hi ARecentStudy,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » December 30th, 2011, 8:41 pm

This is our home computer. Thanks for the reply, here are the logs.

CK Scanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\hlserver\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel
c:\program files\autodesk\maya2011\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2011\docs\maya2011\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2011\presets\nparticles\examples\crackegg.ma
c:\program files\autodesk\maya2011\presets\nparticles\examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2011\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2011\scripts\others\crackshatter.res.mel
c:\program files\steam\steamapps\common\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\program files\steam\steamapps\parks911\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files\steam\steamapps\parks911\counter-strike source\cstrike\materials\sprites\store\crackedbeam.vmt
c:\program files\steam\steamapps\parks911\counter-strike source\cstrike\materials\sprites\store\crackedbeam.vtf
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\parker\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\public\videos\documents\battlefield play4free\mods\main\cache\{d7b71ee2-2bb9-11cf-3f71-7e23a1c2c535}_227884_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
hosts 127.0.0.1 tt11.adobe.com #[adobe.tcliveus.com]
hosts 127.0.0.1 flashplayer-adobe.com #[server down?]
hosts 127.0.0.1 stats.adobe.com
scanner sequence 3.ZZ.11.KLAPBK
----- EOF -----
MGADiag Tool:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TKH3X-HMGHJ-32VQB
Windows Product Key Hash: 7ytnJKptbpkaEd43hhXUcwHEEFA=
Windows Product ID: 00426-437-0213591-85154
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {3782D37F-A9E2-4F9F-A043-9AA12463634C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.111025-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Elena\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3782D37F-A9E2-4F9F-A043-9AA12463634C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-32VQB</PKey><PID>00426-437-0213591-85154</PID><PIDType>5</PIDType><SID>S-1-5-21-1973003820-525972890-3920212309</SID><SYSTEM><Manufacturer>BIOSTAR Group</Manufacturer><Model>H61MU3</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>4.6.4</Version><SMBIOSVersion major="2" minor="7"/><Date>20110310000000.000000+000</Date></BIOS><HWID>D2753407018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-437-021359-01-1033-7600.0000-1652011
Installation ID: 016446923991275755178083248806901485361976667490991172
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 32VQB
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 12/30/2011 7:39:11 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:18:2011 16:41
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current:

OAAAAAIABAABAAEAAAADAAAAAgABAAEAeqhsI3cWwK5eiJYJSt1iNEAp5JtiPVKAoFHE/USaLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
ASPT ALASKA PerfTune
Thanks again!
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » December 31st, 2011, 10:01 am

Hi ARecentStudy,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Lavasoft Ad-Watch Live!
    avast! Antivirus
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.

Now reboot the computer.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
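The three things the post above checks by hand (installed programs for P2P software, two anti-virus products loaded at once, and an OTL scan of all users with the "No Company Name" filter) can be gathered in one pass. The PowerShell below is an added example for this thread; it is not code from the helper, from OTL or from DDS. It assumes an elevated prompt on the affected Windows 7 machine (PowerShell 2.0 syntax), and the watch-list of product names is an assumption taken from names that appear in this thread.

```powershell
# Added triage script for this thread; not code from the helper, OTL or DDS.
# Run from an elevated PowerShell prompt ("Run as Administrator"), as the post
# requires for every tool. Written for Windows PowerShell 2.0 (Windows 7).
# The watch-list is an assumption built from product names seen in this thread.
$WatchList = @('StartNow', 'Shop To Win', 'BitTorrent', 'Zugo')

function Get-InstalledPrograms {
    # Machine-wide Uninstall entries (native and 32-bit views) ...
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # ... plus every loaded user hive, so per-user installs under other
    # accounts are covered (the poster suspects all accounts are affected).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\') {
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $paths += "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
        }
    }
    foreach ($p in $paths) {
        $scope = if ($p -like 'HKU:*') { 'user ' + $p.Split('\')[1] } else { 'machine' }
        Get-ItemProperty -Path $p -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, Publisher, UninstallString, @{n='Scope'; e={ $scope }}
    }
}

function Get-RegisteredAntiVirus {
    # Windows Security Center keeps one AntiVirusProduct row per registered
    # engine; two rows with real-time protection enabled is the "multiple
    # Anti Virus programs" condition the post asks to resolve.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object displayName, @{n='productState'; e={ '0x{0:X6}' -f $_.productState }}, pathToSignedProductExe
}

function Get-ServicesWithoutCompanyName {
    # Approximates OTL's "No Company Name" view: running services whose image
    # carries no CompanyName in its version resource. Authenticode status is
    # reported alongside; catalog-signed Windows binaries show as NotSigned on
    # PowerShell 2.0, so treat that column as a hint, not a verdict.
    foreach ($svc in Get-WmiObject -Class Win32_Service -Filter "State='Running'") {
        if (-not $svc.PathName) { continue }
        # PathName may be quoted and may carry arguments; isolate the executable.
        if ($svc.PathName -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($svc.PathName -match '^(\S+\.exe)') { $exe = $Matches[1] }
        else { $exe = $svc.PathName }
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($exe).CompanyName
        if (-not $company) {
            New-Object PSObject -Property @{
                Service   = $svc.Name
                Path      = $exe
                Signature = (Get-AuthenticodeSignature -FilePath $exe).Status
            }
        }
    }
}

'== Installed programs matching the watch-list, all hives =='
Get-InstalledPrograms |
    Where-Object { $name = $_.DisplayName; @($WatchList | Where-Object { $name -like "*$_*" }).Count -gt 0 } |
    Format-Table DisplayName, Publisher, Scope -AutoSize

'== Anti-virus products registered with Security Center =='
Get-RegisteredAntiVirus | Format-Table -AutoSize

'== Running services whose binary has no CompanyName =='
Get-ServicesWithoutCompanyName | Format-Table Service, Signature, Path -AutoSize
```

On the log posted in this thread, the third section is where a service like the "Updater Service for StartNow Toolbar" (listed by OTL with an empty company field) would surface; the first section reports which hive each matching entry lives in, which is what tells you whether an uninstall done from one account actually cleared the other accounts.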

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 2nd, 2012, 12:06 pm

Thanks! I uninstalled BitTorrent. Here are the logs.

OTL:

OTL logfile created on: 1/2/2012 10:57:46 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Elena\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.64% Memory free
5.98 Gb Paging File | 4.00 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 21.78 Gb Free Space | 9.35% Space Free | Partition Type: NTFS

Computer Name: BASEMENTCOMP | User Name: Elena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Elena\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\psxss.exe (Microsoft Corporation)
PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbtcoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3609.23384__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3609.23345__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Tablet\Pen\libxml2.dll ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\AddressBookCore.dll ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\en-US\ReminderApp.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Lexmark 5200 Series\lxbtdrec.dll ()
MOD - C:\Program Files\Lexmark 5200 Series\iptk.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe (Symantec Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( )
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (PsxDrv) -- C:\Windows\System32\drivers\psxdrv.sys (Microsoft Corporation)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology, Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5e0250ca000000000000001aef1a10b5&tlver=1.4.19.19&affID=18606


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1973003820-525972890-3920212309-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1973003820-525972890-3920212309-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/08/08 18:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 20:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/26 08:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 08:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 00:37:14 | 000,000,000 | ---D | M]

[2011/06/13 22:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Extensions
[2012/01/01 08:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 17:30:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/01 08:28:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/29 14:40:16 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/02 05:31:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2011/11/11 05:25:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Elena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/06/17 09:59:04 | 000,618,793 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16379 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL ()
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1973003820-525972890-3920212309-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk = File not found
O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181677FF-91FA-40AF-BF5B-EE0245E82A24}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/19 22:00:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78cc4ebf-c1b4-11e0-8c70-c71fbbf3cfc9}\Shell - "" = AutoRun
O33 - MountPoints2\{78cc4ebf-c1b4-11e0-8c70-c71fbbf3cfc9}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 15:29:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2011/12/30 19:50:30 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Skyrim
[2011/12/30 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Elena\Documents\My Games
[2011/12/30 19:39:50 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/12/30 19:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/12/30 19:37:41 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Elena\Desktop\MGADiag.exe
[2011/12/30 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/29 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\HpUpdate
[2011/12/29 00:06:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elena\Desktop\dds.scr
[2011/12/28 23:33:44 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Malwarebytes
[2011/12/28 23:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 23:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 23:33:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 23:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 23:32:35 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elena\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/28 13:37:27 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Local\Apple Computer
[2011/12/27 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\zip thing
[2011/12/26 20:48:02 | 005,852,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011/12/26 20:48:02 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/12/26 20:48:01 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/12/26 20:48:01 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/12/26 20:48:01 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/12/26 20:47:57 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/12/26 20:47:54 | 000,348,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011/12/26 20:47:53 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/12/26 20:47:52 | 000,032,256 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/12/26 20:47:51 | 000,417,792 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/12/26 20:47:49 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/12/26 20:47:48 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/12/26 20:47:45 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/12/26 20:47:43 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/12/26 20:47:36 | 004,200,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/12/26 20:47:27 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/12/26 20:47:20 | 000,263,680 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/12/26 20:47:17 | 018,996,224 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/12/26 20:47:13 | 008,913,920 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/12/26 20:47:09 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2011/12/26 20:47:05 | 000,360,448 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/12/26 20:47:04 | 000,774,656 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2011/12/26 20:47:01 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/12/26 20:47:00 | 000,051,200 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2011/12/26 20:46:57 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/12/26 20:46:57 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe
[2011/12/26 20:46:49 | 011,300,864 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/12/26 20:46:49 | 000,163,840 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/12/26 20:46:45 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe
[2011/12/26 20:46:44 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/12/26 17:21:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/12/26 17:21:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/12/26 17:21:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/12/26 17:21:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/12/26 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Apple Computer
[2011/12/26 08:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\CrossriderWebApps
[2011/12/26 08:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecCheck
[2011/12/26 08:03:52 | 000,000,000 | ---D | C] -- C:\codec-info
[2011/12/26 08:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BFlixToolbar
[2011/12/25 09:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 09:39:56 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/12/25 09:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/25 09:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/25 09:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 09:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/25 09:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/25 09:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/25 09:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/24 20:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 19:44:53 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\USB
[2011/12/23 17:10:37 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\Story File
[2011/12/22 06:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/22 06:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/12/21 20:32:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2011/12/20 02:09:24 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/12/19 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CELSYS
[2011/12/19 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Smith Micro
[2011/12/19 22:39:19 | 000,000,000 | ---D | C] -- C:\Users\Elena\Documents\Smith Micro
[2011/12/19 22:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manga Studio EX 4.0
[2011/12/19 22:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/12/19 22:38:49 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/12/19 22:34:39 | 000,000,000 | ---D | C] -- C:\Users\Elena\Documents\maya
[2011/12/19 22:33:41 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\Manga_Studio_EX_4.0
[2011/12/19 22:33:26 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\WinRAR
[2011/12/19 22:33:26 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/19 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/12/19 22:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
[2011/12/19 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/12/19 22:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\en-US
[2011/12/19 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ja-JP
[2011/12/19 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/12/19 22:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/12/19 22:02:38 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Autodesk
[2011/12/19 22:00:33 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/12/14 22:33:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 22:33:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 22:33:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 22:33:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 22:33:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 22:33:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 15:02:00 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 15:01:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 15:01:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 15:01:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 15:01:53 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 15:01:52 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/07 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/05 20:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/05 20:18:07 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/05 20:17:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/05 20:17:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/05 20:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/05/17 06:58:15 | 003,081,376 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2011/05/17 06:52:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2011/05/17 06:52:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2011/05/17 06:52:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2011/05/17 06:52:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2011/05/17 06:52:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2011/05/17 06:52:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2011/05/17 06:52:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2011/05/17 06:52:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2011/05/17 06:52:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2011/05/17 06:52:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2011/05/17 06:52:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2011/05/17 06:52:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[2011/05/17 06:52:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2011/05/17 06:52:26 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2011/05/17 06:52:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 11:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/01/02 10:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003UA.job
[2012/01/02 09:04:03 | 000,021,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 09:04:03 | 000,021,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 08:16:14 | 000,659,192 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 08:16:14 | 000,116,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 06:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 21:07:00 | 2408,570,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 19:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003Core.job
[2011/12/31 15:34:44 | 000,302,592 | ---- | M] () -- C:\Users\Elena\Desktop\hgf88ykd.exe
[2011/12/31 15:29:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2011/12/30 19:37:47 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Elena\Desktop\MGADiag.exe
[2011/12/30 19:30:43 | 000,458,240 | ---- | M] () -- C:\Users\Elena\Desktop\CKScanner.exe
[2011/12/30 19:28:37 | 000,002,316 | ---- | M] () -- C:\Users\Elena\Desktop\Google Chrome.lnk
[2011/12/29 00:06:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Elena\Desktop\dds.scr
[2011/12/28 23:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 23:32:56 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elena\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/28 21:00:37 | 000,495,248 | ---- | M] () -- C:\Users\Elena\Desktop\tumblr_lwxnzag0VL1r7b9fxo5_r1_250.gif
[2011/12/27 23:31:02 | 000,229,004 | ---- | M] () -- C:\Users\Elena\Desktop\onemap2.mb
[2011/12/27 23:30:19 | 010,194,740 | ---- | M] () -- C:\Users\Elena\Desktop\coffintoptextures.psd
[2011/12/26 20:48:08 | 005,852,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011/12/26 20:48:03 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/12/26 20:48:03 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/12/26 20:48:02 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/12/26 20:48:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/12/26 20:48:01 | 018,996,224 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/12/26 20:48:01 | 000,157,152 | ---- | M] () -- C:\Windows\System32\ativvsva.dat
[2011/12/26 20:47:59 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/12/26 20:47:57 | 000,348,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011/12/26 20:47:54 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/12/26 20:47:53 | 000,032,256 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/12/26 20:47:52 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/12/26 20:47:50 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/12/26 20:47:50 | 000,243,168 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/26 20:47:49 | 004,200,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/12/26 20:47:49 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/12/26 20:47:48 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/12/26 20:47:48 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/12/26 20:47:46 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/12/26 20:47:29 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/12/26 20:47:22 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/12/26 20:47:13 | 011,300,864 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/12/26 20:47:10 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2011/12/26 20:47:07 | 000,360,448 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/12/26 20:47:06 | 000,036,338 | ---- | M] () -- C:\Windows\atiogl.xml
[2011/12/26 20:47:05 | 000,774,656 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2011/12/26 20:47:03 | 000,208,016 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2011/12/26 20:47:02 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/12/26 20:47:02 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/12/26 20:47:02 | 000,204,960 | ---- | M] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/26 20:47:02 | 000,003,917 | ---- | M] () -- C:\Windows\System32\atipblag.dat
[2011/12/26 20:47:01 | 000,051,200 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2011/12/26 20:47:00 | 006,077,952 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atidxx32.dll
[2011/12/26 20:46:59 | 000,294,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe
[2011/12/26 20:46:53 | 000,163,840 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/12/26 20:46:50 | 002,044,928 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2011/12/26 20:46:47 | 000,045,056 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe
[2011/12/26 20:46:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/12/26 16:23:46 | 000,624,861 | ---- | M] () -- C:\Users\Elena\Desktop\coffintoptextures.png
[2011/12/26 13:05:52 | 091,262,610 | ---- | M] () -- C:\Users\Elena\Desktop\zip thing.zip
[2011/12/26 12:52:25 | 000,339,548 | ---- | M] () -- C:\Users\Elena\Desktop\onemap1.mb
[2011/12/26 11:03:29 | 000,001,194 | ---- | M] () -- C:\Users\Elena\Desktop\mis.bmp
[2011/12/25 09:40:26 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/24 17:33:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dave.job
[2011/12/23 17:08:06 | 000,478,460 | ---- | M] () -- C:\Users\Elena\Documents\Story File.png
[2011/12/22 06:34:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/22 06:34:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/20 02:27:16 | 000,321,964 | ---- | M] () -- C:\Users\Elena\Desktop\rendering.mb
[2011/12/20 02:18:11 | 000,115,884 | ---- | M] () -- C:\Users\Elena\Desktop\unfinishedtextures.jpg
[2011/12/20 02:17:49 | 008,831,586 | ---- | M] () -- C:\Users\Elena\Desktop\standintextures.psd
[2011/12/20 02:06:46 | 000,321,172 | ---- | M] () -- C:\Users\Elena\Desktop\coff22.mb
[2011/12/20 02:04:05 | 002,476,445 | ---- | M] () -- C:\Users\Elena\Desktop\pants_diffuse.psd
[2011/12/20 02:01:59 | 002,294,181 | ---- | M] () -- C:\Users\Elena\Desktop\coat_diffuse.psd
[2011/12/20 01:59:22 | 003,977,223 | ---- | M] () -- C:\Users\Elena\Desktop\coffin_diffuse.psd
[2011/12/20 01:25:34 | 005,810,906 | ---- | M] () -- C:\Users\Elena\Desktop\skin_diffuse.psd
[2011/12/20 00:47:58 | 001,100,280 | ---- | M] () -- C:\Users\Elena\Desktop\hat_diffuse.psd
[2011/12/20 00:27:20 | 000,422,608 | ---- | M] () -- C:\Users\Elena\Desktop\coff21.mb
[2011/12/20 00:26:53 | 000,279,004 | ---- | M] () -- C:\Users\Elena\Desktop\coffin_diffuse.png
[2011/12/20 00:26:32 | 000,265,361 | ---- | M] () -- C:\Users\Elena\Desktop\coat_diffuse.png
[2011/12/20 00:26:12 | 000,274,391 | ---- | M] () -- C:\Users\Elena\Desktop\pants_diffuse.png
[2011/12/20 00:25:41 | 000,283,948 | ---- | M] () -- C:\Users\Elena\Desktop\skin_diffuse.png
[2011/12/20 00:25:19 | 000,085,836 | ---- | M] () -- C:\Users\Elena\Desktop\hat_diffuse.png
[2011/12/20 00:15:32 | 000,416,884 | ---- | M] () -- C:\Users\Elena\Desktop\coff20.mb
[2011/12/19 23:57:41 | 000,404,636 | ---- | M] () -- C:\Users\Elena\Desktop\coff19.mb
[2011/12/19 23:52:14 | 000,396,016 | ---- | M] () -- C:\Users\Elena\Desktop\coff18.mb
[2011/12/19 23:46:21 | 000,393,104 | ---- | M] () -- C:\Users\Elena\Desktop\coff17.mb
[2011/12/19 23:31:59 | 000,380,272 | ---- | M] () -- C:\Users\Elena\Desktop\coff16.mb
[2011/12/19 23:15:04 | 000,099,058 | ---- | M] () -- C:\Users\Elena\Desktop\63680_1681852959924_1045577328_31895940_6422907_n.jpg
[2011/12/19 23:14:47 | 000,133,243 | ---- | M] () -- C:\Users\Elena\Desktop\Annie_SoulPortrait.jpg
[2011/12/19 22:39:18 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/12/19 22:20:59 | 496,064,085 | ---- | M] () -- C:\Users\Elena\Desktop\Manga_Studio_EX_4.0.rar
[2011/12/19 22:08:30 | 000,001,116 | ---- | M] () -- C:\Users\Elena\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/12/19 22:08:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/12/19 18:55:22 | 000,001,021 | ---- | M] () -- C:\Users\Elena\Desktop\Dropbox.lnk
[2011/12/19 18:55:22 | 000,001,001 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/18 02:21:36 | 000,411,892 | ---- | M] () -- C:\Users\Elena\Desktop\wtf.mb
[2011/12/18 02:04:11 | 000,384,696 | ---- | M] () -- C:\Users\Elena\Desktop\coff15.mb
[2011/12/15 07:05:36 | 001,689,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 08:04:10 | 000,001,149 | ---- | M] () -- C:\Users\Elena\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/12/12 08:04:09 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/08 14:53:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/05 20:18:27 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/05 20:18:07 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/05 20:17:59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/05 20:17:59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/05 20:17:58 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/12/04 07:20:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/31 15:34:42 | 000,302,592 | ---- | C] () -- C:\Users\Elena\Desktop\hgf88ykd.exe
[2011/12/30 19:30:41 | 000,458,240 | ---- | C] () -- C:\Users\Elena\Desktop\CKScanner.exe
[2011/12/30 19:28:37 | 000,002,316 | ---- | C] () -- C:\Users\Elena\Desktop\Google Chrome.lnk
[2011/12/30 19:27:45 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003UA.job
[2011/12/30 19:27:43 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003Core.job
[2011/12/28 23:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 21:00:44 | 000,495,248 | ---- | C] () -- C:\Users\Elena\Desktop\tumblr_lwxnzag0VL1r7b9fxo5_r1_250.gif
[2011/12/27 19:08:55 | 091,262,610 | ---- | C] () -- C:\Users\Elena\Desktop\zip thing.zip
[2011/12/26 20:48:00 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/12/26 20:47:50 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/26 20:47:04 | 000,036,338 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/12/26 20:47:02 | 000,208,016 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/12/26 20:47:01 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/26 20:47:01 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/12/26 20:46:41 | 002,044,928 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2011/12/26 16:45:34 | 010,194,740 | ---- | C] () -- C:\Users\Elena\Desktop\coffintoptextures.psd
[2011/12/26 16:23:45 | 000,624,861 | ---- | C] () -- C:\Users\Elena\Desktop\coffintoptextures.png
[2011/12/26 16:22:58 | 000,229,004 | ---- | C] () -- C:\Users\Elena\Desktop\onemap2.mb
[2011/12/26 12:52:25 | 000,339,548 | ---- | C] () -- C:\Users\Elena\Desktop\onemap1.mb
[2011/12/26 11:03:29 | 000,001,194 | ---- | C] () -- C:\Users\Elena\Desktop\mis.bmp
[2011/12/25 09:40:26 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/25 09:32:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/23 17:06:31 | 000,478,460 | ---- | C] () -- C:\Users\Elena\Documents\Story File.png
[2011/12/20 02:18:23 | 000,321,964 | ---- | C] () -- C:\Users\Elena\Desktop\rendering.mb
[2011/12/20 02:18:06 | 000,115,884 | ---- | C] () -- C:\Users\Elena\Desktop\unfinishedtextures.jpg
[2011/12/20 02:17:47 | 008,831,586 | ---- | C] () -- C:\Users\Elena\Desktop\standintextures.psd
[2011/12/20 00:53:10 | 000,321,172 | ---- | C] () -- C:\Users\Elena\Desktop\coff22.mb
[2011/12/20 00:49:48 | 002,294,181 | ---- | C] () -- C:\Users\Elena\Desktop\coat_diffuse.psd
[2011/12/20 00:48:27 | 003,977,223 | ---- | C] () -- C:\Users\Elena\Desktop\coffin_diffuse.psd
[2011/12/20 00:47:57 | 001,100,280 | ---- | C] () -- C:\Users\Elena\Desktop\hat_diffuse.psd
[2011/12/20 00:47:08 | 005,810,906 | ---- | C] () -- C:\Users\Elena\Desktop\skin_diffuse.psd
[2011/12/20 00:46:33 | 002,476,445 | ---- | C] () -- C:\Users\Elena\Desktop\pants_diffuse.psd
[2011/12/20 00:26:52 | 000,279,004 | ---- | C] () -- C:\Users\Elena\Desktop\coffin_diffuse.png
[2011/12/20 00:26:32 | 000,265,361 | ---- | C] () -- C:\Users\Elena\Desktop\coat_diffuse.png
[2011/12/20 00:26:11 | 000,274,391 | ---- | C] () -- C:\Users\Elena\Desktop\pants_diffuse.png
[2011/12/20 00:25:41 | 000,283,948 | ---- | C] () -- C:\Users\Elena\Desktop\skin_diffuse.png
[2011/12/20 00:25:18 | 000,085,836 | ---- | C] () -- C:\Users\Elena\Desktop\hat_diffuse.png
[2011/12/20 00:17:30 | 000,422,608 | ---- | C] () -- C:\Users\Elena\Desktop\coff21.mb
[2011/12/20 00:15:32 | 000,416,884 | ---- | C] () -- C:\Users\Elena\Desktop\coff20.mb
[2011/12/19 23:57:41 | 000,404,636 | ---- | C] () -- C:\Users\Elena\Desktop\coff19.mb
[2011/12/19 23:52:14 | 000,396,016 | ---- | C] () -- C:\Users\Elena\Desktop\coff18.mb
[2011/12/19 23:46:21 | 000,393,104 | ---- | C] () -- C:\Users\Elena\Desktop\coff17.mb
[2011/12/19 23:31:59 | 000,380,272 | ---- | C] () -- C:\Users\Elena\Desktop\coff16.mb
[2011/12/19 23:15:04 | 000,099,058 | ---- | C] () -- C:\Users\Elena\Desktop\63680_1681852959924_1045577328_31895940_6422907_n.jpg
[2011/12/19 23:14:47 | 000,133,243 | ---- | C] () -- C:\Users\Elena\Desktop\Annie_SoulPortrait.jpg
[2011/12/19 22:39:18 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/12/19 22:08:30 | 000,001,116 | ---- | C] () -- C:\Users\Elena\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2011.lnk
[2011/12/19 22:08:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/12/19 22:07:33 | 496,064,085 | ---- | C] () -- C:\Users\Elena\Desktop\Manga_Studio_EX_4.0.rar
[2011/12/19 19:33:40 | 001,862,116 | ---- | C] () -- C:\Users\Elena\Desktop\coffin_top color.jpg
[2011/12/19 19:33:40 | 000,411,892 | ---- | C] () -- C:\Users\Elena\Desktop\wtf.mb
[2011/12/19 19:33:40 | 000,384,696 | ---- | C] () -- C:\Users\Elena\Desktop\coff15.mb
[2011/12/19 19:33:40 | 000,319,821 | ---- | C] () -- C:\Users\Elena\Desktop\grid51.jpg
[2011/12/05 20:18:27 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/11/02 20:25:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/09/04 14:32:25 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini
[2011/08/09 20:56:14 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011/07/22 21:20:19 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/22 21:19:53 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/22 21:19:51 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/07/22 21:19:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/07/07 12:56:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 12:56:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/06 17:08:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/17 11:14:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/17 11:14:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/14 14:07:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/05/17 06:52:26 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2011/05/16 19:38:26 | 046,575,024 | ---- | C] () -- C:\ProgramData\cjr5200EN.exe
[2011/05/12 09:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/30 16:19:19 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 001,689,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,659,192 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,116,936 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 08:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll

< End of report >

Extras:

OTL Extras logfile created on: 1/2/2012 10:57:46 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Elena\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.64% Memory free
5.98 Gb Paging File | 4.00 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 21.78 Gb Free Space | 9.35% Space Free | Partition Type: NTFS

Computer Name: BASEMENTCOMP | User Name: Elena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1637E594-321F-475A-9282-7E64B4E03D7D}_is1" = Subsonic
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}" = Atheros Wireless LAN Card
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3070A9C6-D670-439A-21ED-ED0CB66B15FC}" = Catalyst Control Center Graphics Full Existing
"{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}" = Greeting Card Factory Workshop 8.0
"{338AD4E5-9332-A678-5062-7A07ED70D6D4}" = ccc-core-static
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2011.0.0
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{67DEC296-C8CC-A5BE-0378-A25C760B78B4}" = Catalyst Control Center Graphics Full New
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{702EC1FF-A081-48AE-8363-8D78A0919F86}" = Autodesk DirectConnect 2010 R1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{774F2CE3-C9C9-BC80-1231-E9432F2756C3}" = ccc-utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EAC91E4-AFC3-8A6F-B802-218548D21873}" = Catalyst Control Center Core Implementation
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{962F04A4-130E-F725-BFC3-F46E33889D0E}" = ATI AVIVO Codecs
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A059FB87-5DC3-0883-7D65-F68603CACDF1}" = Catalyst Control Center Graphics Previews Vista
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}" = HP Deskjet 3050A J611 series Basic Device Software
"{AC075837-7071-4c07-B9A1-CF5586060FE1}" = Autodesk Maya 2011 English Documentation 32-bit
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}" = HP Deskjet 3050A J611 series Product Improvement Study
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D98A4E05-4DED-A9BC-313F-DCD315A6A654}" = CCC Help English
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E4386119-2C33-4023-9836-783F43A90E3C}" = Autodesk Maya 2011 32-bit
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED7CED5A-26BF-DFD3-08AC-771E72D43F74}" = Catalyst Control Center Localization All
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3AB0933-B7D6-4C47-5523-922B49B37AE3}" = Catalyst Control Center Graphics Light
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combat Arms" = Combat Arms
"Crimson Editor SVN286" = Crimson Editor SVN286
"Crossrider" = Crossrider Web Apps
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.0" = ESN Sonar
"Free PDF Tablet" = Free PDF Tablet 0.1
"Giraffic" = Veoh Giraffic Video Accelerator
"GOM Player" = GOM Player
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"Lexmark 5200 Series" = Lexmark 5200 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Manga Studio EX 4.0" = Manga Studio EX 4.0
"MapleStory" = MapleStory
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PunkBusterSvc" = PunkBuster Services
"Quake 3 Fortress" = Quake 3 Fortress
"RealPlayer 15.0" = RealPlayer
"StartNow Toolbar" = StartNow Toolbar
"Steam App 10" = Counter-Strike
"Steam App 107900" = War Inc. Battlezone
"Steam App 113400" = APB Reloaded
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13140" = America's Army 3
"Steam App 17020" = Global Agenda
"Steam App 17700" = Insurgency
"Steam App 20" = Team Fortress Classic
"Steam App 220" = Half-Life 2
"Steam App 22350" = Brink
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 38830" = Crimecraft: BLEEDOUT
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48010" = LIMBO Demo
"Steam App 50" = Half-Life: Opposing Force
"Steam App 520" = Team Fortress 2 Beta
"Steam App 60" = Ricochet
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"Steam App 70000" = Dino D-Day
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 99900" = Spiral Knights
"Unity" = Unity
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.9
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 8:22:57 AM | Computer Name = BasementComp | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2011 3:04:39 PM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ee862ad Exception code: 0xc0000005 Fault offset: 0x6916f119 Faulting
process id: 0x672c Faulting application start time: 0x01ccc590e86d2266 Faulting application
path: c:\program files\steam\steamapps\parks911\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: c9fff5a2-3186-11e1-9042-89893efe3fa9

Error - 12/29/2011 9:55:12 AM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4e547bf8 Exception code: 0xc0000005 Fault offset: 0x53b5bec0
Faulting
process id: 0x3598 Faulting application start time: 0x01ccc631747903d8 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: ba09b156-3224-11e1-a514-b93a2a6d2da9

Error - 12/29/2011 10:18:07 AM | Computer Name = BasementComp | Source = VSS | ID = 8194
Description =

Error - 12/29/2011 10:54:38 AM | Computer Name = BasementComp | Source = Application Hang | ID = 1002
Description = The program realplay.exe version 15.0.0.198 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 38d4 Start
Time: 01ccc639a7b61c3a Termination Time: 5 Application Path: C:\Program Files\Real\RealPlayer\realplay.exe

Report
Id: f8bb6353-322c-11e1-a514-b93a2a6d2da9

Error - 12/29/2011 4:44:26 PM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ee862ad Exception code: 0xc0000005 Fault offset: 0x6d13f119 Faulting
process id: 0x1b58 Faulting application start time: 0x01ccc666d474a1d9 Faulting application
path: c:\program files\steam\steamapps\parks911\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: e4f0f45f-325d-11e1-a514-b93a2a6d2da9

Error - 12/29/2011 7:59:41 PM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ee862ad Exception code: 0xc0000005 Fault offset: 0x6d13f119 Faulting
process id: 0x3fdc Faulting application start time: 0x01ccc681536efc01 Faulting application
path: c:\program files\steam\steamapps\parks911\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: 2bccabc6-3279-11e1-a514-b93a2a6d2da9

Error - 12/30/2011 1:49:01 AM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ee862ad Exception code: 0xc0000005 Fault offset: 0x6cbdf119 Faulting
process id: 0x2fd8 Faulting application start time: 0x01ccc6b12f462053 Faulting application
path: c:\program files\steam\steamapps\parks911\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: f8ab2cab-32a9-11e1-a514-b93a2a6d2da9

Error - 12/31/2011 9:53:13 AM | Computer Name = BasementComp | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2011\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2011 4:04:11 PM | Computer Name = BasementComp | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.3.10.0, time stamp:
0x4ee667a4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x25514b20 Faulting process id: 0x3f80 Faulting application
start time: 0x01ccc7cdf8112d7d Faulting application path: c:\program files\steam\steamapps\common\skyrim\TESV.exe
Faulting
module path: unknown Report Id: 9a79e3ed-33ea-11e1-820d-994feb1fa2a9

[ System Events ]
Error - 12/31/2011 4:26:51 PM | Computer Name = BasementComp | Source = Service Control Manager | ID = 7023
Description = The Message Queuing service terminated with the following error: %%-2147024877

Error - 12/31/2011 4:28:13 PM | Computer Name = BasementComp | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 1/1/2012 7:55:00 AM | Computer Name = BasementComp | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 1/1/2012 9:18:25 AM | Computer Name = BasementComp | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/1/2012 10:07:13 PM | Computer Name = BasementComp | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 1/1/2012 10:53:01 PM | Computer Name = BasementComp | Source = BROWSER | ID = 8032
Description =

Error - 1/2/2012 7:56:12 AM | Computer Name = BasementComp | Source = DCOM | ID = 10010
Description =

Error - 1/2/2012 7:56:08 AM | Computer Name = BasementComp | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NSL service.

Error - 1/2/2012 7:57:46 AM | Computer Name = BasementComp | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 1/2/2012 7:57:48 AM | Computer Name = BasementComp | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >



GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 10:51:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAKS-00F0A0 rev.12.01B02
Running: hgf88ykd.exe; Driver: C:\Users\Elena\AppData\Local\Temp\awdoipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C3E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95C2C000, 0x3BEEC5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 2nd, 2012, 2:00 pm

Hi ARecentStudy,

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
Vista or Win 7, 32 bit: SQW7-Vista_x32.TXT


Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
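An added example, not part of deltalima's post and not code from SystemLook or OTL: a PowerShell script that performs the same kind of search the SystemLook script above asks for (file names, folder names, and registry key or value names containing the listed strings), so a helper can review the leftovers of this adware bundle with built-in tooling only. The patterns are the ones from the post; the search roots, the HKLM/HKCU hives walked, and the output file SuspectLook.csv on the Desktop are assumptions. Run it from an elevated PowerShell prompt; like SystemLook, the full-drive walk takes a while.

```powershell
# Added example: SystemLook-style search for adware residue, in PowerShell.
# Patterns taken from the helper's :filefind / :folderfind / :Regfind lists.
$Patterns = @('Fun4IM', 'Bandoo', 'Searchqu', 'iLivid', 'whitesmoke',
              'datamngr', 'trolltech', 'kelkoopartners')

# Assumption: these two hives cover the keys the OTL fix above touched.
# HKEY_CLASSES_ROOT is a view of HKLM\SOFTWARE\Classes, so it is not listed twice.
$RegistryRoots = @('HKLM:\SOFTWARE', 'HKCU:\Software')

# Assumption: report file name and location.
$ReportPath = Join-Path $env:USERPROFILE 'Desktop\SuspectLook.csv'

function Test-MatchesPattern {
    # Returns the first pattern contained in $Text (case-insensitive), or $null.
    param([string]$Text)
    foreach ($p in $Patterns) {
        if ($Text -like "*$p*") { return $p }
    }
    return $null
}

function Find-SuspectPaths {
    # Equivalent of :filefind and :folderfind - walk the drive and report
    # every file or directory whose name contains one of the patterns.
    param([string]$Root = "$env:SystemDrive\")
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hit = Test-MatchesPattern $_.Name
            if ($hit) {
                $kind = 'File'; $size = $_.Length
                if ($_.PSIsContainer) { $kind = 'Folder'; $size = $null }
                [pscustomobject]@{
                    Kind    = $kind
                    Pattern = $hit
                    Path    = $_.FullName
                    Value   = $null
                    Data    = $size
                    Written = $_.LastWriteTime
                }
            }
        }
}

function Find-SuspectRegistry {
    # Equivalent of :Regfind - report keys whose name, value name, or
    # string data contains one of the patterns.
    foreach ($root in $RegistryRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                $keyHit = Test-MatchesPattern $key.PSChildName
                if ($keyHit) {
                    [pscustomobject]@{ Kind = 'Key'; Pattern = $keyHit; Path = $key.Name;
                                       Value = $null; Data = $null; Written = $null }
                }
                foreach ($valueName in $key.GetValueNames()) {
                    $data = $key.GetValue($valueName)
                    $hit = Test-MatchesPattern $valueName
                    if (-not $hit -and $data -is [string]) { $hit = Test-MatchesPattern $data }
                    if (-not $hit -and $data -is [string[]]) { $hit = Test-MatchesPattern ($data -join ';') }
                    if ($hit) {
                        [pscustomobject]@{ Kind = 'Value'; Pattern = $hit; Path = $key.Name;
                                           Value = $valueName; Data = "$data"; Written = $null }
                    }
                }
            }
    }
}

$results = @(Find-SuspectPaths) + @(Find-SuspectRegistry)
$results | Sort-Object Kind, Path | Format-Table Kind, Pattern, Path, Value -AutoSize
$results | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
Write-Host ("{0} hit(s) written to {1}" -f $results.Count, $ReportPath)
```

The script only reports; it deletes nothing, which is the right division of labour in a thread like this one, where the helper decides what an OTL fix should remove after reading the log.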

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 2nd, 2012, 6:31 pm

Thank you so much for all of this help and the speedy replies! The next logs:

OTL Fix:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
========== FILES ==========
File/Folder C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Elena\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Elena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Elena\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Elena\AppData\LocalLow\searchquband not found.
C:\Users\Elena\AppData\LocalLow\searchqutoolbar folder moved successfully.
File/Folder C:\Users\Elena\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Elena\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chloe
->Temp folder emptied: 22761177 bytes
->Temporary Internet Files folder emptied: 88466885 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 158420978 bytes
->Google Chrome cache emptied: 367180939 bytes
->Flash cache emptied: 475 bytes

User: Dave
->Temp folder emptied: 16384915 bytes
->Temporary Internet Files folder emptied: 1503344145 bytes
->Java cache emptied: 64875 bytes
->FireFox cache emptied: 43899968 bytes
->Flash cache emptied: 57291 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Elena
->Temp folder emptied: 100811359 bytes
->Temporary Internet Files folder emptied: 66568312 bytes
->Java cache emptied: 100081 bytes
->FireFox cache emptied: 458390397 bytes
->Google Chrome cache emptied: 267229323 bytes
->Flash cache emptied: 20407 bytes

User: Mary
->Temp folder emptied: 9196539 bytes
->Temporary Internet Files folder emptied: 59902327 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Parker
->Temp folder emptied: 140801556 bytes
->Temporary Internet Files folder emptied: 2784529637 bytes
->Java cache emptied: 246209 bytes
->FireFox cache emptied: 334454868 bytes
->Google Chrome cache emptied: 10439766 bytes
->Flash cache emptied: 1482 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89799620 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7755541942 bytes

Total Files Cleaned = 13,617.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_163437

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:14 on 02/01/2012 by Elena
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\Bandoo.exe.e9eb4d8875e4d27716357b6e0fc7b23.afa0e83a7c09eb454cd35f26b1e828.aawqff --a---- 1617300 bytes [00:16 15/06/2011] [00:16 15/06/2011] FE24B49E6021F0DFA26D7F37D46E6C4D
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\BandooGo.exe.3179e8506e8511226419e688927aac74.162616a676868f4ac227a877be9da7.aawqff --a---- 836500 bytes [00:16 15/06/2011] [00:16 15/06/2011] 12C094A6EB80A58CD14E2D6CB79EA676
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\BandooLmx.dll.bcb3a64b1c39e689e1d7b427a782644.4d55112e7dbb9454151a6ce40a33dd9.aawqff --a---- 1524116 bytes [00:16 15/06/2011] [00:16 15/06/2011] 6B645A79647DAECF60DAD02B4A95B5A4
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\BandooUI.exe.3179e8506e8511226419e688927aac74.af799f798e38a9834879fcf621a97e6.aawqff --a---- 1477524 bytes [00:16 15/06/2011] [00:16 15/06/2011] 8F63200C0572AF7F0CB01DCAD8BAE8D9
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\BandooV6.exe.a5a4115dd51da7fbfa5612f98bf57.dc718250eedfc923d6b8573a12b522.aawqff --a---- 4686372 bytes [00:16 15/06/2011] [00:16 15/06/2011] 2B7C86AA89F95A1F2E000830D8DE60D9
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\Bandoo.exe.e9eb4d8875e4d27716357b6e0fc7b23.afa0e83a7c09eb454cd35f26b1e828.aawqff --a---- 1617300 bytes [00:16 15/06/2011] [00:16 15/06/2011] FE24B49E6021F0DFA26D7F37D46E6C4D
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\BandooGo.exe.3179e8506e8511226419e688927aac74.162616a676868f4ac227a877be9da7.aawqff --a---- 836500 bytes [00:16 15/06/2011] [00:16 15/06/2011] 12C094A6EB80A58CD14E2D6CB79EA676
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\BandooLmx.dll.bcb3a64b1c39e689e1d7b427a782644.4d55112e7dbb9454151a6ce40a33dd9.aawqff --a---- 1524116 bytes [00:16 15/06/2011] [00:16 15/06/2011] 6B645A79647DAECF60DAD02B4A95B5A4
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\BandooUI.exe.3179e8506e8511226419e688927aac74.af799f798e38a9834879fcf621a97e6.aawqff --a---- 1477524 bytes [00:16 15/06/2011] [00:16 15/06/2011] 8F63200C0572AF7F0CB01DCAD8BAE8D9
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\BandooV6.exe.a5a4115dd51da7fbfa5612f98bf57.dc718250eedfc923d6b8573a12b522.aawqff --a---- 4686372 bytes [00:16 15/06/2011] [00:16 15/06/2011] 2B7C86AA89F95A1F2E000830D8DE60D9
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\bandoo.js --a---- 2051 bytes [23:02 03/06/2011] [15:23 02/01/2011] A6DF98C44937354C88A70FD3CBFEF722
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\BandooComponent.js --a---- 7661 bytes [23:02 03/06/2011] [09:26 02/03/2011] 3A95294B4A92A11A0A14F1A67C45C6AA
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [23:02 03/06/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [23:02 03/06/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89

Searching for "*iLivid*"
C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\iLividSetupV1.exe.204e6c75b918b14f627a2ad35d15bd.2eb5d5f2ec63271372c37781e81dce8d.aawqff --a---- 2023604 bytes [00:16 15/06/2011] [00:16 15/06/2011] 3745D0A49AB9C9ABF251F33FF5D7343E
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.dat --a--c- 224 bytes [23:02 03/06/2011] [23:02 03/06/2011] 7669FA7B2997FEB9A51AF223EF878396
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe --a--c- 3011820 bytes [23:02 03/06/2011] [14:41 24/05/2011] BB7CE83AF9C57584DA2E98B881326F13
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.lnk --a--c- 0 bytes [23:02 03/06/2011] [23:02 03/06/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.msi --a--c- 265728 bytes [23:02 03/06/2011] [14:41 24/05/2011] D13830E23E31957BA3A5DCD1DA04BAA9
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.par --a--c- 1495 bytes [23:02 03/06/2011] [23:02 03/06/2011] C03AC3006873B84986AD7BCD70B65A63
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.res --a--c- 2187056 bytes [23:02 03/06/2011] [14:41 24/05/2011] 42AC3ECC833BD1FF685F46818AC67719
C:\Users\All Users\Lavasoft\Ad-Aware\Quarantine\iLividSetupV1.exe.204e6c75b918b14f627a2ad35d15bd.2eb5d5f2ec63271372c37781e81dce8d.aawqff --a---- 2023604 bytes [00:16 15/06/2011] [00:16 15/06/2011] 3745D0A49AB9C9ABF251F33FF5D7343E
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.dat --a--c- 224 bytes [23:02 03/06/2011] [23:02 03/06/2011] 7669FA7B2997FEB9A51AF223EF878396
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe --a--c- 3011820 bytes [23:02 03/06/2011] [14:41 24/05/2011] BB7CE83AF9C57584DA2E98B881326F13
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.lnk --a--c- 0 bytes [23:02 03/06/2011] [23:02 03/06/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.msi --a--c- 265728 bytes [23:02 03/06/2011] [14:41 24/05/2011] D13830E23E31957BA3A5DCD1DA04BAA9
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.par --a--c- 1495 bytes [23:02 03/06/2011] [23:02 03/06/2011] C03AC3006873B84986AD7BCD70B65A63
C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.res --a--c- 2187056 bytes [23:02 03/06/2011] [14:41 24/05/2011] 42AC3ECC833BD1FF685F46818AC67719
C:\_OTL\MovedFiles\01022012_163437\C_Program Files\iLivid\ilivid.exe --a---- 1789440 bytes [23:02 03/06/2011] [15:10 03/05/2011] AC40C69102F9DADB6F3CA841985B6A2E
C:\_OTL\MovedFiles\01022012_163437\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [23:02 03/06/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08

Searching for "*whitesmoke*"
C:\Program Files\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [18:38 22/07/2011] [18:38 22/07/2011] A75467F0FD3C3E39B465FBE13099A740

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\Users\Dave\AppData\Roaming\Bandoo d------ [20:57 07/06/2011]
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com d------ [23:02 03/06/2011]

Searching for "*Searchqu*"
C:\Users\Dave\AppData\LocalLow\searchqutoolbar d------ [23:02 03/06/2011]
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar d------ [23:02 03/06/2011]
C:\Users\Parker\AppData\LocalLow\searchqutoolbar d------ [23:02 03/06/2011]
C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar d------ [23:02 03/06/2011]
C:\_OTL\MovedFiles\01022012_163437\C_Users\Elena\AppData\LocalLow\searchqutoolbar d------ [16:12 14/06/2011]

Searching for "*iLivid*"
C:\Users\Parker\AppData\Local\Ilivid Player d------ [23:02 03/06/2011]
C:\_OTL\MovedFiles\01022012_163437\C_Program Files\iLivid d----c- [23:02 03/06/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\154343A84C3934A4A878DC8BA175C847]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B3FEDDED951DDD4C9D1D7BE82335C09]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB6C335184ED76047812A4618C30B5F9]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0431AF34-232B-40FC-8642-C84E4917260D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E0221FAB-85F7-4920-A6CB-8111E55D5160}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0431AF34-232B-40FC-8642-C84E4917260D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E0221FAB-85F7-4920-A6CB-8111E55D5160}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0431AF34-232B-40FC-8642-C84E4917260D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E0221FAB-85F7-4920-A6CB-8111E55D5160}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
ARecentStudy
Active Member
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 3rd, 2012, 6:01 am

Hi ARecentStudy,

Run OTL Script

  • Right click OTL.exe and select: Run as Administrator.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :processes
    killallprocesses
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5e0250ca000000000000001aef1a10b5&tlver=1.4.19.19&affID=18606
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe ()
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk = File not found
    O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) - File not found
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\154343A84C3934A4A878DC8BA175C847]
    "2B1E51D87B2D71A44BB42DDD5E894160"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B3FEDDED951DDD4C9D1D7BE82335C09]
    "2B1E51D87B2D71A44BB42DDD5E894160"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB6C335184ED76047812A4618C30B5F9]
    "2B1E51D87B2D71A44BB42DDD5E894160"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "DisplayName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0431AF34-232B-40FC-8642-C84E4917260D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E0221FAB-85F7-4920-A6CB-8111E55D5160}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0431AF34-232B-40FC-8642-C84E4917260D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E0221FAB-85F7-4920-A6CB-8111E55D5160}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0431AF34-232B-40FC-8642-C84E4917260D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E0221FAB-85F7-4920-A6CB-8111E55D5160}"=-
    :files
    C:\Program Files\StartNow Toolbar
    c:\progra~1\wi3c8a~1\datamngr
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\bandoo.js
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\BandooComponent.js
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css
    C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml 
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\SearchquWebSearch.xml 
    C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
    C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
    C:\Users\Dave\AppData\Roaming\Bandoo
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com
    C:\Users\Dave\AppData\LocalLow\searchqutoolbar
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar
    C:\Users\Parker\AppData\LocalLow\searchqutoolbar
    C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar
    C:\Users\Parker\AppData\Local\Ilivid Player
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 3rd, 2012, 1:59 pm

My account and all other accounts with the exception of Parker's seem to be running fine. However, when I try to search using the address bar in Mozilla Firefox on Parker's account it still redirects to search-results.com. This doesn't happen on any other account. I did log back into Parker's account before logging into mine to check the results of the OTL log, if that has anything to do with it.


Here's the results:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
Service Updater Service for StartNow Toolbar stopped successfully!
Service Updater Service for StartNow Toolbar deleted successfully!
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi3c8a~1\datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi3c8a~1\datamngr\iebho.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\\Publisher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\154343A84C3934A4A878DC8BA175C847\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B3FEDDED951DDD4C9D1D7BE82335C09\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB6C335184ED76047812A4618C30B5F9\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0431AF34-232B-40FC-8642-C84E4917260D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0431AF34-232B-40FC-8642-C84E4917260D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0221FAB-85F7-4920-A6CB-8111E55D5160} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0221FAB-85F7-4920-A6CB-8111E55D5160}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0431AF34-232B-40FC-8642-C84E4917260D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0431AF34-232B-40FC-8642-C84E4917260D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0221FAB-85F7-4920-A6CB-8111E55D5160} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0221FAB-85F7-4920-A6CB-8111E55D5160}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0431AF34-232B-40FC-8642-C84E4917260D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0431AF34-232B-40FC-8642-C84E4917260D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0221FAB-85F7-4920-A6CB-8111E55D5160} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0221FAB-85F7-4920-A6CB-8111E55D5160}\ not found.
========== FILES ==========
C:\Program Files\StartNow Toolbar\Resources\skin folder moved successfully.
C:\Program Files\StartNow Toolbar\Resources\reactivate folder moved successfully.
C:\Program Files\StartNow Toolbar\Resources\protect folder moved successfully.
C:\Program Files\StartNow Toolbar\Resources\images folder moved successfully.
C:\Program Files\StartNow Toolbar\Resources folder moved successfully.
C:\Program Files\StartNow Toolbar folder moved successfully.
File\Folder c:\progra~1\wi3c8a~1\datamngr not found.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\bandoo.js moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content\BandooComponent.js moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2} folder moved successfully.
File\Folder C:\Users\All Users\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2} not found.
C:\Users\Dave\AppData\Roaming\Bandoo folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\content folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com\components folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffox@bandoo.com folder moved successfully.
C:\Users\Dave\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar\weather folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar\coupons folder moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar folder moved successfully.
C:\Users\Parker\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar\weather folder moved successfully.
C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar\coupons folder moved successfully.
C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar folder moved successfully.
C:\Users\Parker\AppData\Local\Ilivid Player folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chloe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dave
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elena
->Temp folder emptied: 28386 bytes
->Temporary Internet Files folder emptied: 3550431 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 40152252 bytes
->Flash cache emptied: 562 bytes

User: Mary
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Parker
->Temp folder emptied: 2921 bytes
->Temporary Internet Files folder emptied: 196001 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users

User: Chloe
->Flash cache emptied: 0 bytes

User: Dave
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Elena
->Flash cache emptied: 0 bytes

User: Mary
->Flash cache emptied: 0 bytes

User: Parker
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Chloe
->Java cache emptied: 0 bytes

User: Dave
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: DefaultAppPool

User: Elena
->Java cache emptied: 0 bytes

User: Mary
->Java cache emptied: 0 bytes

User: Parker
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_122042

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Post by deltalima » January 3rd, 2012, 3:49 pm

Hi ARecentStudy,

My account and all other accounts with the exception of Parker's seem to be running fine. However, when I try to search using the address bar in Mozilla Firefox on Parker's account it still redirects to search-results.com.


It looks like we are getting there, let's dig a little deeper.

Please log into the computer using the Parker account.

Please run SystemLook again using the previous instructions and paste the following into the main textfield

:filefind
*Searchqu*

:folderfind
*Searchqu*

:Regfind
Searchqu


Then click Look and post the log in your next reply.

While still logged in with the same account, please run a new scan with OTL as follows

  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post only the contents of OTL.txt in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
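For readers following along without SystemLook, here is an added example (PowerShell, written for this page; it is not code from the thread, from SystemLook or from OTL) that does the same three lookups the instructions above ask for: files and folders whose name contains the keyword, and registry key names, value names and value data that contain it. The keyword, the file roots, the function names and the MD5 helper are this example's own choices; it uses only built-in cmdlets and .NET so it also runs on the PowerShell 2.0 that shipped with Windows 7. Run it from an elevated prompt so the other accounts' hives under HKEY_USERS are readable.

```powershell
# Added example, not part of the original thread and not SystemLook or OTL code:
# a PowerShell stand-in for the ":filefind / :folderfind / :Regfind" lookup above.
# It walks the file roots and registry hives for a hijacker keyword and reports
# where it still appears. Keyword, roots and function names are this example's
# own choices. Run from an elevated prompt so the other accounts' hives under
# HKEY_USERS are readable.
param(
    [string]$Keyword = 'Searchqu',
    [string[]]$FileRoots = @($env:ProgramFiles, $env:ProgramData, "$env:SystemDrive\Users")
)

# Match the keyword literally, as SystemLook does, not as a regular expression.
$pattern = [regex]::Escape($Keyword)

# HKEY_USERS holds every loaded profile hive (the S-1-5-21-... keys), which is
# what exposes a per-user hijack that survived cleaning only one account.
$regRoots = @('HKLM:\SOFTWARE', 'Registry::HKEY_USERS')

function Get-Md5 {
    # .NET hashing keeps this working on PowerShell 2.0 (Get-FileHash only
    # appeared in PowerShell 4.0). Locked or unreadable files are reported, not fatal.
    param([string]$Path)
    try {
        $md5 = [System.Security.Cryptography.MD5]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        try { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
    } catch { 'unreadable' }
}

function Find-FileKeyword {
    # Files and folders whose name contains the keyword (:filefind / :folderfind).
    # -Force is needed because AppData and its children are hidden.
    param([string[]]$Roots, [string]$Pattern)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $Pattern } |
            ForEach-Object {
                $isDir = $_.PSIsContainer
                New-Object PSObject -Property @{
                    Type     = $(if ($isDir) { 'folder' } else { 'file' })
                    Path     = $_.FullName
                    Modified = $_.LastWriteTime
                    MD5      = $(if ($isDir) { '' } else { Get-Md5 $_.FullName })
                }
            }
    }
}

function Find-RegistryKeyword {
    # Key names, value names and value data containing the keyword (:Regfind).
    param([string[]]$Roots, [string]$Pattern)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.Name -match $Pattern) {
                New-Object PSObject -Property @{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($name -match $Pattern -or $data -match $Pattern) {
                    New-Object PSObject -Property @{
                        Key   = $key.Name
                        Value = $(if ($name -eq '') { '(Default)' } else { $name })
                        Data  = $data
                    }
                }
            }
        }
    }
}

'========== filefind / folderfind =========='
Find-FileKeyword -Roots $FileRoots -Pattern $pattern | Format-Table Type, Path, Modified, MD5 -AutoSize

'========== Regfind =========='
Find-RegistryKeyword -Roots $regRoots -Pattern $pattern | Format-List Key, Value, Data

# Two persistence points the OTL fix above had to remove: AppInit_DLLs, which
# Windows loads into every process that links user32.dll, and the machine-wide Run key.
'========== AppInit_DLLs / Run =========='
$win = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
"AppInit_DLLs     = '$($win.AppInit_DLLs)'  (expect empty)"
"LoadAppInit_DLLs = $($win.LoadAppInit_DLLs)  (0 disables loading)"
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' |
    Select-Object -Property * -ExcludeProperty PS* | Format-List
```

Save it under any name (say Find-Hijacker.ps1, a name chosen for this example) and run it from an elevated prompt as `powershell -ExecutionPolicy Bypass -File .\Find-Hijacker.ps1 -Keyword Searchqu`. Two things to check in the output: any hit whose path starts with C:\_OTL\MovedFiles is a quarantined copy, not a live one, and the MD5 column lets you confirm that; and any hit under a HKEY_USERS\S-1-5-21-... hive belongs to a different account than the one you are logged into, which is exactly the case where one account looks clean while another is still redirected.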

Re: StartNow Virus on Home Computer

Post by ARecentStudy » January 3rd, 2012, 5:20 pm

Here's the results of SystemLook and OTL on Parker's account.

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:11 on 03/01/2012 by Dave
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01032012_122042\C_Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [23:02 03/06/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\_OTL\MovedFiles\01032012_122042\C_Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [23:02 03/06/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01022012_163437\C_Users\Elena\AppData\LocalLow\searchqutoolbar d------ [16:12 14/06/2011]
C:\_OTL\MovedFiles\01032012_122042\C_Users\Dave\AppData\LocalLow\searchqutoolbar d------ [23:02 03/06/2011]
C:\_OTL\MovedFiles\01032012_122042\C_Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchqutoolbar d----c- [23:02 03/06/2011]
C:\_OTL\MovedFiles\01032012_122042\C_Users\Parker\AppData\LocalLow\searchqutoolbar d------ [23:02 03/06/2011]
C:\_OTL\MovedFiles\01032012_122042\C_Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\s89n4q63.default\searchqutoolbar d----c- [23:02 03/06/2011]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"

-= EOF =-
OTL:

OTL logfile created on: 1/3/2012 4:14:33 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Parker\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.06% Memory free
5.98 Gb Paging File | 4.39 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 33.89 Gb Free Space | 14.56% Space Free | Partition Type: NTFS

Computer Name: BASEMENTCOMP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Parker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\psxss.exe (Microsoft Corporation)
PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbtcoms.exe ( )


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3609.23384__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3609.23345__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Tablet\Pen\libxml2.dll ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\AddressBookCore.dll ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
MOD - C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\en-US\ReminderApp.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Lexmark 5200 Series\lxbtdrec.dll ()
MOD - C:\Program Files\Lexmark 5200 Series\iptk.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe (Symantec Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( )
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (PsxDrv) -- C:\Windows\System32\drivers\psxdrv.sys (Microsoft Corporation)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology, Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A3 28 7F 29 14 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/?babsrc=HP_ss ... ffID=18606
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z134&install_date=20111226"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111226&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/08/08 18:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 20:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/26 08:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 08:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 00:37:14 | 000,000,000 | ---D | M]

[2011/06/03 18:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/01/03 12:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions
[2011/12/20 05:32:55 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2011/08/18 05:56:56 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/23 10:12:47 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/06/03 18:02:08 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/02 07:19:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\ffxtlbr@babylon.com
[2011/05/30 19:10:30 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\searchtoolbar@zugo.com
[2011/09/15 04:43:58 | 000,002,576 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\askcom.xml
[2011/12/26 08:03:23 | 000,001,945 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\bing-zugo.xml
[2011/06/22 13:14:20 | 000,000,917 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\searchplugins\conduit.xml
[2012/01/01 08:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 17:30:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/05 20:18:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/01/01 08:28:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/29 14:40:16 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/02 05:31:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/11 05:25:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/17 09:59:04 | 000,618,793 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16379 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL ()
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181677FF-91FA-40AF-BF5B-EE0245E82A24}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/19 22:00:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78cc4ebf-c1b4-11e0-8c70-c71fbbf3cfc9}\Shell - "" = AutoRun
O33 - MountPoints2\{78cc4ebf-c1b4-11e0-8c70-c71fbbf3cfc9}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 16:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 19:39:50 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/12/30 19:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/12/30 07:19:22 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Apps
[2011/12/28 23:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 23:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 23:33:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 23:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/26 20:48:02 | 005,852,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011/12/26 20:48:02 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/12/26 20:48:01 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/12/26 20:48:01 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/12/26 20:48:01 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/12/26 20:47:57 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/12/26 20:47:54 | 000,348,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011/12/26 20:47:53 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/12/26 20:47:52 | 000,032,256 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/12/26 20:47:51 | 000,417,792 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/12/26 20:47:49 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/12/26 20:47:48 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/12/26 20:47:45 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/12/26 20:47:43 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/12/26 20:47:36 | 004,200,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/12/26 20:47:27 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/12/26 20:47:20 | 000,263,680 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/12/26 20:47:17 | 018,996,224 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/12/26 20:47:13 | 008,913,920 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/12/26 20:47:09 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2011/12/26 20:47:05 | 000,360,448 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/12/26 20:47:04 | 000,774,656 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2011/12/26 20:47:01 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/12/26 20:47:00 | 000,051,200 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2011/12/26 20:46:57 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/12/26 20:46:57 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe
[2011/12/26 20:46:49 | 011,300,864 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/12/26 20:46:49 | 000,163,840 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/12/26 20:46:45 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe
[2011/12/26 20:46:44 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/12/26 17:21:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/12/26 17:21:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/12/26 17:21:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/12/26 17:21:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/12/26 08:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\CrossriderWebApps
[2011/12/26 08:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecCheck
[2011/12/26 08:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BFlixToolbar
[2011/12/25 09:40:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Apple Computer
[2011/12/25 09:40:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Apple Computer
[2011/12/25 09:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 09:39:56 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/12/25 09:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/25 09:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/25 09:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/25 09:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/25 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Apple
[2011/12/25 09:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/25 09:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/25 09:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/24 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\WinRAR
[2011/12/24 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/24 20:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/22 06:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/22 06:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/12/21 20:32:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2011/12/19 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CELSYS
[2011/12/19 22:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manga Studio EX 4.0
[2011/12/19 22:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/12/19 22:38:49 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/12/19 22:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/12/19 22:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alias Shared
[2011/12/19 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/12/19 22:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\en-US
[2011/12/19 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ja-JP
[2011/12/19 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/12/19 22:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/12/19 22:00:33 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/12/14 22:33:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 22:33:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 22:33:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 22:33:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 22:33:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 22:33:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 15:02:00 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 15:01:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 15:01:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 15:01:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 15:01:53 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 15:01:52 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/07 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/12/05 20:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/05 20:18:07 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/05 20:17:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/05 20:17:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/05 20:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/05/17 06:58:15 | 003,081,376 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2011/05/17 06:52:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbtserv.dll
[2011/05/17 06:52:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbtusb1.dll
[2011/05/17 06:52:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbthbn3.dll
[2011/05/17 06:52:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomc.dll
[2011/05/17 06:52:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbtpmui.dll
[2011/05/17 06:52:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbtlmpm.dll
[2011/05/17 06:52:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbtcoms.exe
[2011/05/17 06:52:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbtcomm.dll
[2011/05/17 06:52:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbtinpa.dll
[2011/05/17 06:52:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbtiesc.dll
[2011/05/17 06:52:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbtih.exe
[2011/05/17 06:52:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbtcfg.exe
[2011/05/17 06:52:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbthcp.dll
[2011/05/17 06:52:26 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbtprox.dll
[2011/05/17 06:52:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbtpplc.dll
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 16:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/01/03 15:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003UA.job
[2012/01/03 12:58:26 | 000,021,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 12:58:26 | 000,021,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 12:51:06 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/03 12:50:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 12:50:38 | 2408,570,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 12:48:47 | 000,001,954 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
[2012/01/02 19:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003Core.job
[2012/01/02 16:46:28 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/02 16:46:28 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/02 14:22:49 | 000,659,192 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 14:22:49 | 000,116,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 10:44:21 | 002,451,109 | ---- | M] () -- C:\Users\Public\Videos\Documents\amt656.pdf
[2011/12/28 23:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 20:48:08 | 005,852,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011/12/26 20:48:03 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2011/12/26 20:48:03 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011/12/26 20:48:02 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/12/26 20:48:02 | 000,014,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2011/12/26 20:48:01 | 018,996,224 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2011/12/26 20:48:01 | 000,157,152 | ---- | M] () -- C:\Windows\System32\ativvsva.dat
[2011/12/26 20:47:59 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2011/12/26 20:47:57 | 000,348,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011/12/26 20:47:54 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011/12/26 20:47:53 | 000,032,256 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2011/12/26 20:47:52 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/12/26 20:47:50 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2011/12/26 20:47:50 | 000,243,168 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/26 20:47:49 | 004,200,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011/12/26 20:47:49 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011/12/26 20:47:48 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011/12/26 20:47:48 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2011/12/26 20:47:46 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2011/12/26 20:47:29 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2011/12/26 20:47:22 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2011/12/26 20:47:13 | 011,300,864 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2011/12/26 20:47:10 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2011/12/26 20:47:07 | 000,360,448 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011/12/26 20:47:06 | 000,036,338 | ---- | M] () -- C:\Windows\atiogl.xml
[2011/12/26 20:47:05 | 000,774,656 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2011/12/26 20:47:03 | 000,208,016 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2011/12/26 20:47:02 | 001,828,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2011/12/26 20:47:02 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011/12/26 20:47:02 | 000,204,960 | ---- | M] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/26 20:47:02 | 000,003,917 | ---- | M] () -- C:\Windows\System32\atipblag.dat
[2011/12/26 20:47:01 | 000,051,200 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2011/12/26 20:47:00 | 006,077,952 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atidxx32.dll
[2011/12/26 20:46:59 | 000,294,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODE.exe
[2011/12/26 20:46:53 | 000,163,840 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/12/26 20:46:50 | 002,044,928 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2011/12/26 20:46:47 | 000,045,056 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIODCLI.exe
[2011/12/26 20:46:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/12/25 09:40:26 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/24 17:33:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dave.job
[2011/12/19 22:39:18 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/12/19 22:08:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/12/16 05:23:40 | 000,012,232 | ---- | M] () -- C:\Users\Public\Videos\Documents\2012 AMH Hosting Rotation Schedule.odt
[2011/12/15 07:05:36 | 001,689,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 08:04:09 | 000,001,149 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/12/12 08:04:09 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/08 14:53:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/05 20:18:27 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/05 20:18:07 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/12/05 20:17:59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/12/05 20:17:59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/12/05 20:17:58 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 12:51:06 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/30 19:27:45 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003UA.job
[2011/12/30 19:27:43 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973003820-525972890-3920212309-1003Core.job
[2011/12/30 10:44:21 | 002,451,109 | ---- | C] () -- C:\Users\Public\Videos\Documents\amt656.pdf
[2011/12/28 23:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 20:48:00 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/12/26 20:47:50 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/26 20:47:04 | 000,036,338 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/12/26 20:47:02 | 000,208,016 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/12/26 20:47:01 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/26 20:47:01 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/12/26 20:46:41 | 002,044,928 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2011/12/25 09:40:26 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/25 09:32:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/19 22:39:18 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/12/19 22:08:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011.lnk
[2011/12/16 05:23:38 | 000,012,232 | ---- | C] () -- C:\Users\Public\Videos\Documents\2012 AMH Hosting Rotation Schedule.odt
[2011/12/05 20:18:27 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/11/06 08:38:33 | 000,010,240 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 20:25:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/09/04 14:32:25 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini
[2011/08/09 20:56:14 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011/07/22 21:20:19 | 000,138,056 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
[2011/07/22 21:20:19 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/22 21:19:53 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/22 21:19:51 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/07/22 21:19:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/07/07 12:56:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/07 12:56:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/06 17:08:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/17 11:14:19 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/17 11:14:19 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/14 14:07:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/05/17 06:52:26 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbtinst.dll
[2011/05/16 19:38:26 | 046,575,024 | ---- | C] () -- C:\ProgramData\cjr5200EN.exe
[2011/05/12 09:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/30 16:19:19 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3050A_J611.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 001,689,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,659,192 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,116,936 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbtcoin.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbtvs.dll
[2005/05/25 08:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbtcnv4.dll

< End of report >
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 3rd, 2012, 5:37 pm

Hi ARecentStudy,

Please log into the computer using the Parker account.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :processes
    killallprocesses
    :otl
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    :reg
    [HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
    "Value"=-
    [HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
    "DefaultValue"=-
    [HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
    "Value"=-
    [HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
    "DefaultValue"=-
    [HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
    "Value"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage]
    "Value"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage]
    "DefaultValue"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch]
    "Value"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch]
    "DefaultValue"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\List\Item2]
    "Value"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "URL"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage]
    "Value"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage]
    "DefaultValue"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch]
    "Value"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch]
    "DefaultValue"=-
    [HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\List\Item2]
    "Value"=-
    :commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 3rd, 2012, 10:18 pm

It's still redirecting to search-results.com in Firefox on Parker's account when searching in the address bar. Also I noticed in Internet Explorer "XFireXO Customized Web Search" appears as one of the available search providers for the address bar.

OTL:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\List\Item2 not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@ not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\Homepage not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\Files\UrlbarSearch not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\DataMngr\List\Item2 not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406} not found.
Registry value HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage\\Value deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\Homepage\\DefaultValue deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch\\Value deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\Files\UrlbarSearch\\DefaultValue deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\DataMngr\List\Item2\\Value deleted successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 01032012_205646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 4th, 2012, 5:14 am

Hi ARecentStudy,

Please log into the computer using the Parker account.

Please run SystemLook again using the previous instructions and paste the following into the main text field

:filefind
*XFireXO*
*search-results*

:folderfind
*XFireXO*
*search-results*

:Regfind
XFireXO
search-results


Then click Look and post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
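Below is an added example, not code from the thread or from OTL/SystemLook: a read-only PowerShell audit of the artifacts named in the OTL fix above and in this SystemLook search (the Firefox prefs.js search defaults, the DataMngr and SearchScopes keys under every user hive, and IE search providers whose name or URL carries XFireXO or search-results). Run it while logged into the Parker account so that account's Firefox profile is the one inspected; the suspect-string list and the HKU enumeration are assumptions drawn from the thread's scripts, not part of either tool.

```powershell
# Added example, not part of the thread or of OTL/SystemLook: a read-only audit of
# the search-hijack artifacts named in the two fix posts. Nothing is deleted here.
$ErrorActionPreference = 'SilentlyContinue'
$suspect   = @('XFireXO', 'search-results', 'search.conduit.com', 'Ask.com')  # assumption: strings taken from the thread
$scopeGuid = '{8A96AF9E-4074-43b7-BEA3-87217BDA7406}'                          # SearchScopes key from the OTL script
$findings  = New-Object 'System.Collections.Generic.List[string]'

# 1. Firefox: the prefs.js search defaults the OTL fix reset. $env:APPDATA selects the
#    logged-in user's profile, so run this in the affected (Parker) account.
$prefNames = 'browser.search.defaultengine', 'browser.search.defaultenginename',
             'browser.search.defaulturl', 'browser.search.order.1'
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
foreach ($dir in Get-ChildItem $profiles -Directory) {
    $prefs = Join-Path $dir.FullName 'prefs.js'
    if (-not (Test-Path $prefs)) { continue }
    # prefs.js lines look like: user_pref("browser.search.defaulturl", "http://...");
    foreach ($m in Select-String -Path $prefs -Pattern '^user_pref\("([^"]+)",\s*"([^"]*)"\);') {
        $name  = $m.Matches[0].Groups[1].Value
        $value = $m.Matches[0].Groups[2].Value
        if ($prefNames -contains $name -and ($suspect | Where-Object { $value -like "*$_*" })) {
            $findings.Add("prefs.js ($($dir.Name)): $name = $value")
        }
    }
}

# 2. Registry: the DataMngr keys and the SearchScopes entry from the OTL script, checked
#    under every loaded user hive (HKCU is one of these hives, so it is covered as well).
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$relPaths = 'Software\DataMngr\Files\Homepage', 'Software\DataMngr\Files\UrlbarSearch',
            'Software\DataMngr\List\Item2',
            "Software\Microsoft\Internet Explorer\SearchScopes\$scopeGuid"
$hives = Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
foreach ($hive in $hives) {
    foreach ($rel in $relPaths) {
        if (Test-Path (Join-Path $hive.PSPath $rel)) {
            $findings.Add("registry: HKU\$($hive.PSChildName)\$rel still present")
        }
    }
    # 3. The SystemLook search, narrowed to IE search providers: flag any scope whose
    #    display name or URL contains one of the suspect strings.
    $scopes = Join-Path $hive.PSPath 'Software\Microsoft\Internet Explorer\SearchScopes'
    foreach ($scope in Get-ChildItem $scopes) {
        $p = Get-ItemProperty $scope.PSPath
        foreach ($s in $suspect) {
            if ("$($p.DisplayName) $($p.URL)" -like "*$s*") {
                $findings.Add("SearchScopes: HKU\$($hive.PSChildName)\...\$($scope.PSChildName) ('$($p.DisplayName)') matches '$s'")
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No StartNow/DataMngr search-hijack artifacts found.' }
else { $findings | ForEach-Object { "FOUND  $_" } }
```

Every line it reports is something the OTL fix or the SystemLook search would have targeted, so an empty result after the fix is the confirmation the helper is asking for.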