Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected Malware on Laptop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected Malware on Laptop

Unread postby Gowton » May 6th, 2012, 6:37 am

Hi. I suspect there may be suspicious malware on my laptop. I keep getting knocked offline after about 1/2an hour to an hour of being online. Sometimes when this happens I run a diagnostic on the connectivity and it shows its ok, but I can't surf anywhere. I have run scans with SBSD and Advanced System Care and it always seems to find cookie trackers. I remove them but they keep returning. I also have installed and running Microsoft Security Essentials.

My nephew suggested that I remove all my important files from my laptop and to do a factory reset, but I think this may be a drastic measure. I was hoping I could perhaps find what is causing the problem and remove it, with your help of course.

Here are the DDS logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Athena at 11:18:51 on 2012-05-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.885 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Disabled* {7352CBFB-3EEC-25C5-276E-DC9378FC688F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {11111111-1111-1111-1111-110011041135} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\athena\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\athena\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B06F0BBE-A709-487A-A02F-BB25C5863F9F} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-22 159600]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-28 913752]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-22 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-3-22 146800]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-4 1153368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-22 95640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-10-2 23608]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-1 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2012-05-05 16:43:08 -------- d-----w- c:\users\athena\appdata\local\Facebook
2012-05-05 15:01:35 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{273d62d4-26a9-496f-91b8-16e71931c8cd}\mpengine.dll
2012-04-30 20:25:26 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-30 20:25:26 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 20:24:47 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-30 20:24:18 429056 ----a-w- c:\windows\system32\EncDec.dll
.
==================== Find3M ====================
.
2012-03-23 18:26:45 715038 ----a-w- c:\windows\unins000.exe
.
============= FINISH: 11:20:29.92 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2008 7:55:59 PM
System Uptime: 5/6/2012 11:03:20 AM (0 hours ago)
.
Motherboard: Acer | | CathedralPeak
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 9.35 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 6.328 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Mobile Intel(R) 4 Series Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2A43&SUBSYS_01761025&REV_07\3&11583659&0&11
Manufacturer: Intel Corporation
Name: Mobile Intel(R) 4 Series Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2A43&SUBSYS_01761025&REV_07\3&11583659&0&11
Service: igfx
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9.5.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced SystemCare 5
Agere Systems HDA Modem
AnyDVD
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Boilsoft ASF Converter 2.68
Bryce(R) 5
Canon DV TWAIN Driver
Canon DV TWAIN Driver 6.3.0
CCleaner
Color Schemes
Connect
D3DX10
DivX Setup
Easy Burner
EMCO Malware Destroyer
EPSON Printer Software
EPSON Scan
eSobi v2
Facebook Video Calling 1.2.0.159
Firebird SQL Server - MAGIX Edition
Free Audio Editor
Free Convert ASF WMV to AVI MP4 3GP Converter 5.8
Free FLV Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iMesh
IMVU Avatar Chat Software
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
kuler
Launch Manager
LightScribe 1.4.142.1
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
MAGIX Music Maker MX Premium Download Version
MAGIX Music Maker MX Premium Download Version (Instrument package 1)
MAGIX Music Maker MX Premium Download Version (Instrument package 2)
MAGIX Music Maker MX Premium Download Version (Instrument package 3)
MAGIX Music Maker MX Premium Download Version (Sound package)
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OneClick Cleaner
Orion
PC Tools Firewall Plus 5.0
PhotoNow!
Photoshop Camera Raw
Poser 6
PowerDirector
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Text-To-Speech-Runtime
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VoipCheapCom
Watchtower Library 2011 - English
Wav to Mp3 Converter
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
X2X Free Video Audio Merger 2.0
Yahoo! Messenger
Yahoo! SiteBuilder
.
==== Event Viewer Messages From Past Week ========
.
5/6/2012 12:47:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/6/2012 12:17:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElbyCDIO MpFilter spldr vflt Wanarpv6
5/6/2012 12:17:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/6/2012 12:17:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/6/2012 12:16:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/6/2012 12:16:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/6/2012 12:16:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2012 12:16:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/6/2012 12:14:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
5/6/2012 11:04:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/6/2012 11:04:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
5/6/2012 11:04:01 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the path specified.
5/6/2012 11:04:01 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/6/2012 11:03:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00234E729955 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/6/2012 10:58:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/5/2012 3:50:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/5/2012 10:33:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/5/2012 10:32:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00234E729955 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/5/2012 10:28:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/5/2012 10:28:54 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/5/2012 10:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/5/2012 10:28:53 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/5/2012 10:28:53 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
5/5/2012 10:28:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/4/2012 10:52:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/3/2012 12:56:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/2/2012 9:24:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 00234E729955 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/1/2012 2:21:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/1/2012 10:16:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
4/30/2012 9:30:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 8:53:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 8:53:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/30/2012 7:31:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 10:52:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 9:47:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 12:11:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 10:36:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
4/29/2012 10:35:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================


Please let me know what I should do. I think whatever it is may be infecting other pc's connected to the router I connect to. Since I started using their router they are getting similar problems.

Thanks in advance.
Regards,
Athena Gowton
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am
Advertisement
Register to Remove

Re: Suspected Malware on Laptop

Unread postby Cypher » May 7th, 2012, 12:33 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Advanced SystemCare 5

Next.

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • CKFiles.txt.
  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 7th, 2012, 5:53 pm

Hi Cypher.
I am in the process of backing up my files. It's taking a while but I will get back to you once I have carried out all your instructions.

Thank you for your help & support
Regards,
Athena Gowton
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 8th, 2012, 5:08 am

Hi,
Thank you for your help & support

You're welcome.
I am in the process of backing up my files. It's taking a while but I will get back to you once I have carried out all your instructions.

No problem, post the requested logs when ready.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 8th, 2012, 5:25 am

Hi Cypher. I have followed all of your instructions. Here are the logs you have requested:



CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp4\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp4\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp5p6\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliesp5p6\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliespp\queencracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\butterfliespp\queencracker.rsr
c:\program files\curious labs\poser 6\runtime\libraries\pose\spywear mat files\bob - firecracker.pz2
c:\program files\curious labs\poser 6\runtime\libraries\pose\spywear mat files\bob - firecracker.rsr
scanner sequence 3.DD.11.DXAPEQ
----- EOF -----



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.05.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Athena :: ATHENA-PC [administrator]

Protection: Enabled

5/8/2012 9:12:32 AM
mbam-log-2012-05-08 (09-12-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255520
Time elapsed: 34 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790571B47655513EA998 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790571B2765A5B30AB96 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$RECYCLE.BIN\S-1-5-21-4292145869-839141467-1624706230-1000\$RDIG9OL.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-4292145869-839141467-1624706230-1000\$RDLS8XS.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)



OTL logfile created on: 5/8/2012 10:05:38 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 47.72% Memory free
4.10 Gb Paging File | 2.92 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 11.77 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 6.30 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
PRC - [2012/04/28 03:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/22 13:33:22 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/02 23:08:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/12 03:39:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 03:36:33 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:36:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:35:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:34:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/05/03 01:59:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/11 19:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/15 02:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/04/30 10:56:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/04/30 10:56:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/04/30 10:56:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/06 10:30:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 10:01:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D132E251-F89F-49FC-8B4D-BC0FE177AA07}\MpKsl5125c685.sys -- (MpKsl5125c685)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/01 23:18:28 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2011/08/19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/07 10:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/03/30 12:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/21 18:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/18 20:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 16:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 20:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/02 21:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/09/29 21:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108714&babsrc=SP_ss&mntrId=240e99d100000000000000234e729955
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{3AB02F26-10C0-4977-8810-4F016257C733}: "URL" = http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=5091cce4-295f-419f-83e1-8693d92eff8e&query={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{AB19A308-BCB6-4A7E-A78C-A3FF41782F8B}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =685749&p={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{ec9658c7-78c3-431f-be24-6fa2ad5bb935}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 18:32:55 | 000,000,000 | ---D | M]

[2011/02/20 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/26 21:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Time spend on Facebook = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdiihnkhjaiokcaeiecemajlohbhefo\0.21_0\
CHR - Extension: Google Search = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/20 14:17:05 | 000,442,659 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 edgefcs.net
O1 - Hosts: 127.0.0.1 cp72511.edgefcs.net
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 15211 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Facebook Update] C:\Users\Athena\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Athena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F0BBE-A709-487A-A02F-BB25C5863F9F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 10:04:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 09:10:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 09:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 09:09:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 07:05:52 | 000,000,000 | ---D | C] -- C:\Users\Athena\Desktop\PDF content
[2012/05/06 11:18:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/05 17:43:08 | 000,000,000 | ---D | C] -- C:\Users\Athena\AppData\Local\Facebook
[2012/05/05 17:42:54 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/04/30 21:25:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/30 21:24:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 10:05:22 | 000,716,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/08 10:05:22 | 000,148,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 10:01:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/05/08 10:01:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:00:38 | 2070,831,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 09:38:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 09:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:09:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 09:02:28 | 000,458,240 | ---- | M] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/08 08:51:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/07 17:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/05/06 11:18:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/06 00:34:23 | 000,001,356 | ---- | M] () -- C:\Users\Athena\AppData\Local\d3d9caps.dat
[2012/05/05 18:23:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/05/05 17:42:46 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/05/03 09:05:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/04/30 21:25:26 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/20 14:17:05 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 19:42:59 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120420-141704.backup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 09:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:02:32 | 000,458,240 | ---- | C] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/06 00:46:30 | 2070,831,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 17:43:12 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/05 17:43:10 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/03/23 19:27:53 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/23 19:27:53 | 000,106,184 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/01 02:34:42 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/12/30 16:35:20 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/12/07 19:42:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/19 10:21:23 | 000,296,135 | ---- | C] () -- C:\Users\Athena\AppData\Local\census.cache
[2011/09/19 10:20:57 | 000,213,728 | ---- | C] () -- C:\Users\Athena\AppData\Local\ars.cache
[2011/09/19 10:11:55 | 000,000,036 | ---- | C] () -- C:\Users\Athena\AppData\Local\housecall.guid.cache
[2011/09/18 02:22:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/08/10 05:49:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/08/26 04:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/26 04:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/26 04:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/26 03:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/26 03:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/26 03:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/26 03:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== Files - Unicode (All) ==========
[2011/06/11 21:39:13 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/11 21:39:13 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/06 13:44:02 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/06 13:44:02 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/05 10:27:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т
[2011/06/05 10:27:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:325064EA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >



OTL Extras logfile created on: 5/8/2012 10:05:38 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 47.72% Memory free
4.10 Gb Paging File | 2.92 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 11.77 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 6.30 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4292145869-839141467-1624706230-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0689654D-DDAA-4DEE-B39F-43723D2A61D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15B65947-41F1-4AB6-80F9-D001E9823981}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37F7DB1C-97B3-414E-AB7A-F094E68F4A62}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45E4DC25-D77A-4FF5-844B-B4BE31FD532E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B900881-13A1-4396-875B-DAAC867CDCEC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6BB55909-A1B9-4DAD-B37F-25B704E0232B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8BF6293B-E7D9-4A18-AE85-23AC80BAF1C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DD69651-2ADA-4905-BB89-DC9DDE9E9493}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F3FFCC2-BD70-48AD-B6E1-A2C2870F7CC2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A24E0BE6-B6DF-4C02-BE22-44DE5518F91F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8B855A8-13CA-452C-B639-94E163B7B559}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF41525C-A160-4DB6-9506-C2EE9124D105}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBA25A86-DB51-4421-BFFD-41D2B9185C5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839668C-E726-4A4D-BA26-CB3F61E42AB9}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{09CEAC2F-0180-4452-86E6-031923DB4221}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{0B32FFD9-0220-4D5A-9988-5D12D686BB61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0DE249EC-E92C-47D8-A3EC-32997601A6CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F388B47-814E-4F3F-82B2-859760D32881}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{11D92C4D-9730-48B0-BC1F-80C05FEEF2DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13161FC7-C65A-4A09-BD88-BE62DD193480}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{18DEAD3F-50AB-46FC-AFEB-25EAFBB74826}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AF2D08A-9BE8-4943-8DFB-AC4578B8E184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D2FBF3F-7D73-49B8-93F5-248369213DA1}" = protocol=17 | dir=in | app=f:\magicjack.exe |
"{1DC19C2B-39F0-43B1-9D7C-809A9F5D70A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F745759-7CD5-4A7E-B650-837155002EDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{205FD617-D857-4423-807A-72B76246E583}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{256FEF41-CFFC-4894-9C9F-D2DC20A0B541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A13695C-BA16-45C2-B862-F4BC3054373D}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{2C26314D-62F9-41B2-B9A3-1ED185B35290}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C411C84-53D6-4469-905E-392FC486B67F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E68A8BA-2A8D-413E-995F-20425EB50C6E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{302CF5E3-5F91-4EDB-AA55-A9AB9B02AFDF}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{3232618E-20BB-4467-9926-553334CE2CB9}" = dir=in | app=c:\users\athena\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{34CE2ECE-0455-4F90-B6CD-2AD626B18446}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{381ECEC6-BE8F-4526-8CE5-00AE0ADAA038}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A739DA8-A7F1-4163-B021-9D45959E7E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ADDA58A-166D-45ED-B2E0-7BD98396E007}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D24F9F9-E850-46C9-9406-B7419431426C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4291CB2B-AF9F-454F-B621-F3F910AD01E0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{500173A5-3983-4AEA-8871-1804A445B43B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5014C171-919D-476D-BE17-E716460C41B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5219AD82-4535-45B0-BA3D-7B39D1BBF104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53DB035E-4A44-493F-8061-8DB808CC1802}" = protocol=6 | dir=out | app=system |
"{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{566E13E7-A6C5-4876-A9D7-1E414830894E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{58539EBA-1BA6-48D4-B87B-2CF7A71E4E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A5982D6-62B8-4DD4-AB0A-7BA934DF4E9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C974394-7D55-414A-9CF6-BB3E379EC1B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E4789D0-3C40-4818-BF93-FAE11A634B25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E8D11AE-D8BC-4D82-9F96-F6159375705B}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{616270DB-2373-4C63-A0A6-0FB8892FBFF5}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6286BDA6-F74F-446C-B2C2-023EE460AD09}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{63487A8A-6807-4F44-AFA6-53BF899E1F88}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{63D83010-C40B-47E6-B860-6E591D54CA6A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{64058BFC-EE9F-41CC-9BFB-397BBB1AF233}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6433445D-98DD-4CA5-9517-01F8A0B648CB}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{6486CFE6-C58B-47CE-8D87-C584A31EA27F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{662B402E-BFF3-470A-BF95-AF910E77C158}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{685C3898-7B1B-4D30-A65B-9D5B8516AEA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6861641A-64CB-4909-AE1B-9742975388BF}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{69DD78C0-E592-4AA5-9950-3E3D52ABEC3A}" = protocol=17 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{70EE5B4E-6EFD-4555-B913-48073B49346E}" = protocol=6 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{729D14B7-8B0D-4AC7-B43E-3C6C98FE6777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7339B7F7-96CB-4964-AB93-F2F957B2CEF2}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{74AE6906-EA9F-4EA3-85E7-5F806969D7BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{782B1532-616A-4555-933B-0D7A609CB435}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{78B61112-F0F1-4716-8B3D-D39BCFD66091}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B842830-0EE0-4AFF-9B64-ABDF3DB9D6A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C25EB82-4050-4259-A688-9E728E4EF952}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{820A18B6-CEA2-4CB3-9911-40A0C1A1D0D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83E662E8-092F-4E1B-94CC-12B3A92B16FF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{84D1126F-EE74-481C-87F5-8F2D2F239833}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{87837E6E-366D-4D90-8F1D-298A5B723E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8808E388-B436-4EDE-8E9A-53A680F8850D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{887F4DB3-68C1-44F8-A341-8962C08BBFA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88B5539A-01C4-4F8B-A6BC-738189C446CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8968B6E6-FAAC-47BE-83B5-B4E19C59D75F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8DED9F45-E51E-4D18-A83C-190D9583A9EC}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{8FE1C24D-F295-4AED-ABB6-C79080CA4BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949255BE-270C-4B55-8A47-CA66A348AF80}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{9BDB4ABC-97DA-41CC-B3EF-9939CAD86612}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BDC4922-9AC1-4B07-A353-00FAB42E4170}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9D6E20A9-10F6-42A4-8403-1BC31B77B241}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{9D98E990-C19D-4F98-98A9-1CBED704874E}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{9E8D99DC-1C1E-4C14-BF5D-D7CB03768709}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{9FD76A0D-C898-49D6-BC6C-2550491DC450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A393DB73-51AF-4804-B6ED-9AC47F71A4C9}" = protocol=6 | dir=in | app=f:\magicjack.exe |
"{A3B7047C-88BB-4C46-8635-B513FC56191A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{A4A230D8-3309-46A5-9896-1A2A466106F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A556C65E-6F2A-4AFB-9862-C3BE1E090FCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A72FCB45-216E-45B3-999C-851963CF526A}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{AA84B0FC-1E52-46D2-9CFC-B77E09017365}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{B02BA571-E623-47F6-ACC9-7FEF4C26ACF6}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{B69029B2-A597-45F7-975A-81A2BCD32939}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{B793D141-BE4F-4531-84D1-8CD08735EC5D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{BA5EEAC4-BBD4-4655-BAE8-94F3EE16812F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BADE10F0-D2D9-4451-9C10-4EE9D7429246}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{C0E11B1E-5BAA-4643-AA01-B995F8D8B6F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1426FB8-1465-43CE-8701-D442BD713804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1DD3982-4297-4CF1-A531-D5689BBE943D}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2679D44-8051-4A03-83AE-55AA0C1D9BE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5B1BBB9-0312-4A19-9E8B-92B5F1C2E443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C91578BC-5964-4F67-833C-A067298FAD53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C974A6FA-59C6-424B-9E4C-65802BE18D65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA489281-0370-453B-8014-8147A3D7EDF4}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{CBFCEE09-B268-40D0-9B98-8253B9881C48}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CD16783D-9DF9-470E-8A88-FA0FECD133B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE3F0F08-F5EB-46F6-AF6D-63F7D76D8B75}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{CEBBE1AF-A9AC-488D-8919-1A08F589750C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{D9A994B7-D83E-4DD2-9477-DEA90E16B606}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DAB536E2-8738-4BDA-822A-6ABB08839AC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB1B6BF0-FB23-4ED2-888D-C6782D89782E}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{DBFFFFC7-FD07-4718-99F8-6200842F3AE6}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{DD5230C0-20C5-421B-80A9-A00D3A14482A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF6C8874-08D1-454E-B74A-7B150B6E2900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0A69F3F-BD3D-4956-AACF-A71769EEC3C7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E2E5E4DD-C44D-42DD-96B5-4ECE172438B1}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E4C2FD8A-3EE3-4E31-B28F-6A89F796C628}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E68A7CEC-28BC-42DB-B3BE-172902CE0B87}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{E87B19EB-142D-43AC-A0B5-91093090286C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E96A8F53-9ECF-4F07-849C-9D400BAD9C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF145C90-9629-425D-99E5-7C5820E365BE}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F04523A0-0A1A-49BA-82DB-E53B5E74E384}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F17B8894-4B83-4DED-88C3-760FE526505B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F3F822F8-FDC1-416E-9A67-60DBAD656703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F49D54F5-3671-486E-9066-7EDB53DB57D7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F60402A0-E74A-4084-8C77-C452FDC16112}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F87084DD-4514-4A46-A74B-8D85DB397BFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A5A12E-71EB-41A5-A218-EA33AF1526CE}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F9C2557B-2A2A-489E-AD90-DF4790557E78}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD5308F5-6852-4BBF-9959-59EA78EAEE37}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17DD30CE-F0AF-4E46-97EE-DEDD59BD6FA0}" = MAGIX Music Maker MX Premium Download Version (Instrument package 1)
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25A3AFB2-BED8-477E-95C0-28ECDEE1D630}" = MAGIX Music Maker MX Premium Download Version (Instrument package 2)
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A61ACAF-29F5-4939-88DE-E2EF0647A4E7}" = MAGIX Music Maker MX Premium Download Version (Instrument package 3)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5C19F599-20AD-4A27-8EB4-1B7121D4F603}" = MAGIX Music Maker MX Premium Download Version (Sound package)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4A3F-8D19-342A89631E0A}_is1" = Wav to Mp3 Converter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E890D16-5CB9-4F18-BAA1-CCD0A543CAE5}" = MAGIX Music Maker MX Premium Download Version
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F94695-C59F-4BF1-A9C5-370DCCE8364D}_is1" = X2X Free Video Audio Merger 2.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBCB66BD-328F-421C-96BA-8E66C7B69336}" = MAGIX Speed burnR (MSI)
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"Bryce 5" = Bryce(R) 5
"CCleaner" = CCleaner
"Color Schemes" = Color Schemes
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"EMCO Malware Destroyer_is1" = EMCO Malware Destroyer
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free Audio Editor" = Free Audio Editor
"Free Convert ASF WMV to AVI MP4 3GP Converter_is1" = Free Convert ASF WMV to AVI MP4 3GP Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver 6.3.0
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"OneClick Cleaner_is1" = OneClick Cleaner
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Poser 6" = Poser 6
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VoipCheapCom_is1" = VoipCheapCom
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2012 3:24:58 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2012 11:10:44 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2012 11:10:46 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 5/7/2012 11:11:11 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/7/2012 11:11:11 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 5/7/2012 6:51:51 PM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =

Error - 5/7/2012 9:51:29 PM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =

Error - 5/8/2012 12:51:12 AM | Computer Name = Athena-PC | Source = Google Update | ID = 20
Description =

Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/8/2012 5:01:19 AM | Computer Name = Athena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 6/19/2011 12:34:42 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/28/2011 3:51:15 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection


Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection


Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Unable to initialize connection to the database. Process:
DefaultDomain Object Name: Media Center Guide

Error - 7/11/2011 9:31:20 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/12/2011 4:17:43 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/16/2011 11:30:59 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/19/2011 8:55:05 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/29/2011 1:32:33 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/14/2011 11:32:28 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/16/2009 12:54:07 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 472 seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/5/2011 5:09:27 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/16/2011 3:29:21 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17866
seconds with 14100 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/7/2012 11:11:15 AM | Computer Name = Athena-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = DCOM | ID = 10005
Description =

Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/7/2012 11:11:17 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/8/2012 4:58:31 AM | Computer Name = Athena-PC | Source = DCOM | ID = 10010
Description =

Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/8/2012 5:01:06 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/8/2012 5:01:15 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


I feel very positive that the scans picked up everything. Let me know if I need to do anything more. Thanks
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 8th, 2012, 5:54 am

Hi Gowton,
Did you uninstall Advanced SystemCare 5 as instructed?
Going by your logs it's still installed, please uninstall it if you haven't done so already.

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}
    IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf&q={searchTerms}
    IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108714&babsrc=SP_ss&mntrId=240e99d100000000000000234e729955
    IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:325064EA
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4BB26BE9
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2B99FE60
    
    :files
    C:\Program Files\IObit\Advanced SystemCare 5
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [clearallrestorepoints]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 8th, 2012, 5:43 pm

Hi Cypher, sorry I missed the instructions on removing Advanced System Care 5. I have done this now and have done the scans you suggested. Here are the logs:


OTL logfile created on: 5/8/2012 10:05:38 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 47.72% Memory free
4.10 Gb Paging File | 2.92 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 11.77 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 6.30 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
PRC - [2012/04/28 03:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/22 13:33:22 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/02 23:08:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/12 03:39:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 03:36:33 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:36:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:35:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:34:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/05/03 01:59:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/11 19:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/15 02:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/04/30 10:56:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/04/30 10:56:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/04/30 10:56:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/06 10:30:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/08 10:01:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D132E251-F89F-49FC-8B4D-BC0FE177AA07}\MpKsl5125c685.sys -- (MpKsl5125c685)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/01 23:18:28 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2011/08/19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/07 10:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/03/30 12:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/21 18:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/18 20:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 16:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 20:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/02 21:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/09/29 21:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0DE7E63F-9B26-48AE-9CE9-64F921EEF81A}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108714&babsrc=SP_ss&mntrId=240e99d100000000000000234e729955
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{3AB02F26-10C0-4977-8810-4F016257C733}: "URL" = http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=5091cce4-295f-419f-83e1-8693d92eff8e&query={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{AB19A308-BCB6-4A7E-A78C-A3FF41782F8B}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =685749&p={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{ec9658c7-78c3-431f-be24-6fa2ad5bb935}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 18:32:55 | 000,000,000 | ---D | M]

[2011/02/20 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/26 21:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Time spend on Facebook = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdiihnkhjaiokcaeiecemajlohbhefo\0.21_0\
CHR - Extension: Google Search = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/20 14:17:05 | 000,442,659 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 edgefcs.net
O1 - Hosts: 127.0.0.1 cp72511.edgefcs.net
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 15211 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Facebook Update] C:\Users\Athena\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Athena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F0BBE-A709-487A-A02F-BB25C5863F9F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 10:04:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 09:10:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 09:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 09:09:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 07:05:52 | 000,000,000 | ---D | C] -- C:\Users\Athena\Desktop\PDF content
[2012/05/06 11:18:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/05 17:43:08 | 000,000,000 | ---D | C] -- C:\Users\Athena\AppData\Local\Facebook
[2012/05/05 17:42:54 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/04/30 21:25:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/30 21:24:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 10:05:22 | 000,716,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/08 10:05:22 | 000,148,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 10:01:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/05/08 10:01:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 10:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:00:38 | 2070,831,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/08 09:38:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 09:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:09:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 09:02:28 | 000,458,240 | ---- | M] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/08 08:51:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/07 17:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/05/06 11:18:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/06 00:34:23 | 000,001,356 | ---- | M] () -- C:\Users\Athena\AppData\Local\d3d9caps.dat
[2012/05/05 18:23:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/05/05 17:42:46 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/05/03 09:05:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/04/30 21:25:26 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/20 14:17:05 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 19:42:59 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120420-141704.backup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 09:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:02:32 | 000,458,240 | ---- | C] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/06 00:46:30 | 2070,831,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 17:43:12 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/05 17:43:10 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/03/23 19:27:53 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/23 19:27:53 | 000,106,184 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/01 02:34:42 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/12/30 16:35:20 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/12/07 19:42:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/19 10:21:23 | 000,296,135 | ---- | C] () -- C:\Users\Athena\AppData\Local\census.cache
[2011/09/19 10:20:57 | 000,213,728 | ---- | C] () -- C:\Users\Athena\AppData\Local\ars.cache
[2011/09/19 10:11:55 | 000,000,036 | ---- | C] () -- C:\Users\Athena\AppData\Local\housecall.guid.cache
[2011/09/18 02:22:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/08/10 05:49:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/08/26 04:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/26 04:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/26 04:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/26 03:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/26 03:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/26 03:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/26 03:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== Files - Unicode (All) ==========
[2011/06/11 21:39:13 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/11 21:39:13 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/06 13:44:02 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/06 13:44:02 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/05 10:27:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т
[2011/06/05 10:27:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:325064EA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >



C:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\Athena\Downloads\asc-setup (1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\Athena\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application


Is there more I need to do? thanks.
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Gowton » May 9th, 2012, 4:06 am

Oh I forgot to mention that my laptop is behaving better. I have not been knocked offline yet so there is progress ;)
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 9th, 2012, 5:28 am

Hi Gowton,
Oh I forgot to mention that my laptop is behaving better. I have not been knocked offline yet so there is progress

Good news but stay with me we still have work to do.
First please delete any OTL logs that are on your desktop.

Next.

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename :Fix.txt
Vista or Win 7, 32 bit: SQW7-Vista_x32.TXT

Next.

Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

Next.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it. (Right click and choose "Run as administrator" in Vista/Win7)
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook.txt.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 9th, 2012, 6:45 am

Ok here's what happened. I ran the OTL fix and rebooted. once my laptop restarted I got same problem.. could not get back online. I had to restart the router and do another reboot to get back online.

Once online I followed the remaining instructions. Here are the logs:


All processes killed
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ not found.
Registry key hkey_current_user\software\datamngr\ deleted successfully.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ deleted successfully.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ not found.
Registry key hkey_local_machine\software\bandoo\ not found.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ not found.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ not found.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\appinit_dlls deleted successfully.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Athena\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Athena\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Athena\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Athena\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Athena\AppData\Local\ilivid player not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilividsetupv1.exe not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Athena\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\bandoov6.exe not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\setupdatamngr_searchqu.exe not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Athena\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Athena\appdata\locallow\searchquband not found.
File/Folder C:\Users\Athena\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Athena\downloads\sweetimsetup.exe not found.
File/Folder C:\Users\Athena\downloads\ilividsetupv1.exe not found.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Athena
->Temp folder emptied: 34278 bytes
->Temporary Internet Files folder emptied: 459464 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 31610120 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135010 bytes
RecycleBin emptied: 106147 bytes

Total Files Cleaned = 31.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05092012_105502

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 11:18 on 09/05/2012 by Athena
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe --a--c- 3622440 bytes [13:16 11/03/2012] [14:24 04/03/2012] C8B7EE64865FBA4A1867D0A3E8034561
C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe --a--c- 3622440 bytes [13:16 11/03/2012] [14:24 04/03/2012] C8B7EE64865FBA4A1867D0A3E8034561

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=1021&systemid=1&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=1021&systemid=1&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=1021&systemid=1&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\WhiteSmoke]

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-


Ok. Waiting for further instructions :)
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 9th, 2012, 11:13 am

Hi Gowton,
I ran the OTL fix and rebooted. once my laptop restarted I got same problem.. could not get back online. I had to restart the router and do another reboot to get back online.

Sorry to hear that, lets get your computer clean first then see if this problem still exists.

Again first please delete any OTL logs that are on your desktop.

Next

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.


We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    [-HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    [-HKEY_CURRENT_USER\Software\WhiteSmoke]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
    [-HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\WhiteSmoke]
    
    :files
    C:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe 
    C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe 
    C:\Users\Athena\Downloads\asc-setup (1).exe
    C:\Users\Athena\Downloads\asc-setup.exe 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [clearallrestorepoints]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

  • Double-click SystemLook.exe to run it. (Right click and choose "Run as administrator" in Vista/Win7)
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook.txt.
  • OTL.txt and Extra.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 9th, 2012, 12:53 pm

Hi Cypher. I did all that you asked. here are the logs:


All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_CURRENT_USER\Software\WhiteSmoke\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\WhiteSmoke\ not found.
========== FILES ==========
C:\ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe moved successfully.
File\Folder C:\Users\All Users\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe not found.
C:\Users\Athena\Downloads\asc-setup (1).exe moved successfully.
C:\Users\Athena\Downloads\asc-setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Athena\Desktop\cmd.bat deleted successfully.
C:\Users\Athena\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Athena
->Temp folder emptied: 34916 bytes
->Temporary Internet Files folder emptied: 64277 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10890773 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123618 bytes
RecycleBin emptied: 42508 bytes

Total Files Cleaned = 11.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05092012_165100

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 09/05/2012 by Athena
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05092012_165100\C_ProgramData\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe --a--c- 3622440 bytes [13:16 11/03/2012] [14:24 04/03/2012] C8B7EE64865FBA4A1867D0A3E8034561

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-


OTL logfile created on: 5/9/2012 5:24:19 PM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.35% Memory free
4.10 Gb Paging File | 2.95 Gb Available in Paging File | 72.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 9.98 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 8.90 Gb Free Space | 12.79% Space Free | Partition Type: NTFS

Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
PRC - [2012/04/28 03:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/22 13:33:22 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/02 23:08:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/10/12 03:39:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 03:36:33 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:36:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:35:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:34:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/05/03 01:59:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/11 19:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/15 02:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/04/30 10:56:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/04/30 10:56:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/04/30 10:56:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wlidsvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 10:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/06 10:30:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 00:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/09 16:56:38 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E881A77-E804-4C55-9376-2AB27D31E91A}\MpKsl485133c4.sys -- (MpKsl485133c4)
DRV - [2012/05/09 16:41:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E881A77-E804-4C55-9376-2AB27D31E91A}\MpKsl82dc291d.sys -- (MpKsl82dc291d)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/01 23:18:28 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2011/08/19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/07 10:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/03/30 12:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/21 18:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/13 17:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/18 20:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 16:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 20:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/02 21:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2004/09/29 21:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{3AB02F26-10C0-4977-8810-4F016257C733}: "URL" = http://search.avg.com/route/?d=$instd$& ... =chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=5091cce4-295f-419f-83e1-8693d92eff8e&query={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{AB19A308-BCB6-4A7E-A78C-A3FF41782F8B}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =685749&p={searchTerms}
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes\{ec9658c7-78c3-431f-be24-6fa2ad5bb935}: "URL" = http://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 18:32:55 | 000,000,000 | ---D | M]

[2011/02/20 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions
[2010/10/19 19:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Athena\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/26 21:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Athena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Time spend on Facebook = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdiihnkhjaiokcaeiecemajlohbhefo\0.21_0\
CHR - Extension: Google Search = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Athena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/20 14:17:05 | 000,442,659 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 edgefcs.net
O1 - Hosts: 127.0.0.1 cp72511.edgefcs.net
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 15211 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4292145869-839141467-1624706230-1000..\Run: [Facebook Update] C:\Users\Athena\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Athena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F0BBE-A709-487A-A02F-BB25C5863F9F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Athena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 11:21:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 10:04:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 09:10:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 09:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 09:09:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 07:05:52 | 000,000,000 | ---D | C] -- C:\Users\Athena\Desktop\PDF content
[2012/05/06 11:18:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/05 17:43:08 | 000,000,000 | ---D | C] -- C:\Users\Athena\AppData\Local\Facebook
[2012/05/05 17:42:54 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/04/30 21:25:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/30 21:24:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/05/09 17:01:56 | 000,716,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/09 17:01:56 | 000,148,618 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/09 16:55:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/05/09 16:55:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 16:55:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 16:55:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 16:55:25 | 000,513,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 16:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 16:54:34 | 2072,891,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 16:38:28 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/09 11:51:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/09 11:50:00 | 000,231,366 | ---- | M] () -- C:\Users\Athena\Desktop\snake-river.jpg
[2012/05/09 11:15:43 | 000,139,264 | ---- | M] () -- C:\Users\Athena\Desktop\SystemLook.exe
[2012/05/08 20:12:41 | 000,001,356 | ---- | M] () -- C:\Users\Athena\AppData\Local\d3d9caps.dat
[2012/05/08 17:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/05/08 10:04:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Athena\Desktop\OTL.exe
[2012/05/08 09:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:09:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Athena\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/08 09:02:28 | 000,458,240 | ---- | M] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/06 11:18:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Athena\Desktop\dds.com
[2012/05/05 18:23:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/05/05 17:42:46 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Athena\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2012/05/03 09:05:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/04/30 21:25:26 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/30 21:25:26 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/30 21:24:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/04/20 14:17:05 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 19:42:59 | 000,442,659 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120420-141704.backup

========== Files Created - No Company Name ==========

[2012/05/09 11:50:07 | 000,231,366 | ---- | C] () -- C:\Users\Athena\Desktop\snake-river.jpg
[2012/05/09 11:15:52 | 000,139,264 | ---- | C] () -- C:\Users\Athena\Desktop\SystemLook.exe
[2012/05/08 09:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 09:02:32 | 000,458,240 | ---- | C] () -- C:\Users\Athena\Desktop\CKScanner.exe
[2012/05/06 00:46:30 | 2072,891,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 17:43:12 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000UA.job
[2012/05/05 17:43:10 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4292145869-839141467-1624706230-1000Core.job
[2012/03/23 19:27:53 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/23 19:27:53 | 000,106,184 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/01 02:34:42 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/12/30 16:35:20 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/12/07 19:42:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/19 10:21:23 | 000,296,135 | ---- | C] () -- C:\Users\Athena\AppData\Local\census.cache
[2011/09/19 10:20:57 | 000,213,728 | ---- | C] () -- C:\Users\Athena\AppData\Local\ars.cache
[2011/09/19 10:11:55 | 000,000,036 | ---- | C] () -- C:\Users\Athena\AppData\Local\housecall.guid.cache
[2011/09/18 02:22:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/08/10 05:49:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/08/26 04:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/26 04:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/26 04:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/26 03:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/26 03:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/26 03:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/26 03:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== Files - Unicode (All) ==========
[2011/06/11 21:39:13 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/11 21:39:13 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\䥀Ї
[2011/06/06 13:44:02 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/06 13:44:02 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\馀˹
[2011/06/05 10:27:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т
[2011/06/05 10:27:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\瀘т

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >



OTL Extras logfile created on: 5/9/2012 5:24:19 PM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Athena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 60.35% Memory free
4.10 Gb Paging File | 2.95 Gb Available in Paging File | 72.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 9.98 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 8.90 Gb Free Space | 12.79% Space Free | Partition Type: NTFS

Computer Name: ATHENA-PC | User Name: Athena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4292145869-839141467-1624706230-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0689654D-DDAA-4DEE-B39F-43723D2A61D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15B65947-41F1-4AB6-80F9-D001E9823981}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37F7DB1C-97B3-414E-AB7A-F094E68F4A62}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45E4DC25-D77A-4FF5-844B-B4BE31FD532E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B900881-13A1-4396-875B-DAAC867CDCEC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6BB55909-A1B9-4DAD-B37F-25B704E0232B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8BF6293B-E7D9-4A18-AE85-23AC80BAF1C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DD69651-2ADA-4905-BB89-DC9DDE9E9493}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F3FFCC2-BD70-48AD-B6E1-A2C2870F7CC2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A24E0BE6-B6DF-4C02-BE22-44DE5518F91F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8B855A8-13CA-452C-B639-94E163B7B559}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF41525C-A160-4DB6-9506-C2EE9124D105}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBA25A86-DB51-4421-BFFD-41D2B9185C5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839668C-E726-4A4D-BA26-CB3F61E42AB9}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{09CEAC2F-0180-4452-86E6-031923DB4221}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{0B32FFD9-0220-4D5A-9988-5D12D686BB61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0DE249EC-E92C-47D8-A3EC-32997601A6CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F388B47-814E-4F3F-82B2-859760D32881}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{11D92C4D-9730-48B0-BC1F-80C05FEEF2DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13161FC7-C65A-4A09-BD88-BE62DD193480}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{18DEAD3F-50AB-46FC-AFEB-25EAFBB74826}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AF2D08A-9BE8-4943-8DFB-AC4578B8E184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D2FBF3F-7D73-49B8-93F5-248369213DA1}" = protocol=17 | dir=in | app=f:\magicjack.exe |
"{1DC19C2B-39F0-43B1-9D7C-809A9F5D70A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F745759-7CD5-4A7E-B650-837155002EDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{205FD617-D857-4423-807A-72B76246E583}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{256FEF41-CFFC-4894-9C9F-D2DC20A0B541}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A13695C-BA16-45C2-B862-F4BC3054373D}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{2C26314D-62F9-41B2-B9A3-1ED185B35290}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C411C84-53D6-4469-905E-392FC486B67F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E68A8BA-2A8D-413E-995F-20425EB50C6E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{302CF5E3-5F91-4EDB-AA55-A9AB9B02AFDF}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{3232618E-20BB-4467-9926-553334CE2CB9}" = dir=in | app=c:\users\athena\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{34CE2ECE-0455-4F90-B6CD-2AD626B18446}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{381ECEC6-BE8F-4526-8CE5-00AE0ADAA038}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A739DA8-A7F1-4163-B021-9D45959E7E7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ADDA58A-166D-45ED-B2E0-7BD98396E007}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D24F9F9-E850-46C9-9406-B7419431426C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4291CB2B-AF9F-454F-B621-F3F910AD01E0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{500173A5-3983-4AEA-8871-1804A445B43B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5014C171-919D-476D-BE17-E716460C41B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5219AD82-4535-45B0-BA3D-7B39D1BBF104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53DB035E-4A44-493F-8061-8DB808CC1802}" = protocol=6 | dir=out | app=system |
"{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{566E13E7-A6C5-4876-A9D7-1E414830894E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{58539EBA-1BA6-48D4-B87B-2CF7A71E4E05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A5982D6-62B8-4DD4-AB0A-7BA934DF4E9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C974394-7D55-414A-9CF6-BB3E379EC1B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E4789D0-3C40-4818-BF93-FAE11A634B25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E8D11AE-D8BC-4D82-9F96-F6159375705B}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{616270DB-2373-4C63-A0A6-0FB8892FBFF5}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6286BDA6-F74F-446C-B2C2-023EE460AD09}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{63487A8A-6807-4F44-AFA6-53BF899E1F88}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{63D83010-C40B-47E6-B860-6E591D54CA6A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{64058BFC-EE9F-41CC-9BFB-397BBB1AF233}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6433445D-98DD-4CA5-9517-01F8A0B648CB}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"{6486CFE6-C58B-47CE-8D87-C584A31EA27F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{662B402E-BFF3-470A-BF95-AF910E77C158}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{685C3898-7B1B-4D30-A65B-9D5B8516AEA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6861641A-64CB-4909-AE1B-9742975388BF}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{69DD78C0-E592-4AA5-9950-3E3D52ABEC3A}" = protocol=17 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{70EE5B4E-6EFD-4555-B913-48073B49346E}" = protocol=6 | dir=in | app=c:\users\athena\desktop\sweetimsetup.exe |
"{729D14B7-8B0D-4AC7-B43E-3C6C98FE6777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7339B7F7-96CB-4964-AB93-F2F957B2CEF2}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{74AE6906-EA9F-4EA3-85E7-5F806969D7BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{782B1532-616A-4555-933B-0D7A609CB435}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{78B61112-F0F1-4716-8B3D-D39BCFD66091}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B842830-0EE0-4AFF-9B64-ABDF3DB9D6A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C25EB82-4050-4259-A688-9E728E4EF952}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{820A18B6-CEA2-4CB3-9911-40A0C1A1D0D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83E662E8-092F-4E1B-94CC-12B3A92B16FF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{84D1126F-EE74-481C-87F5-8F2D2F239833}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{87837E6E-366D-4D90-8F1D-298A5B723E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8808E388-B436-4EDE-8E9A-53A680F8850D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{887F4DB3-68C1-44F8-A341-8962C08BBFA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88B5539A-01C4-4F8B-A6BC-738189C446CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8968B6E6-FAAC-47BE-83B5-B4E19C59D75F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8DED9F45-E51E-4D18-A83C-190D9583A9EC}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{8FE1C24D-F295-4AED-ABB6-C79080CA4BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949255BE-270C-4B55-8A47-CA66A348AF80}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{9BDB4ABC-97DA-41CC-B3EF-9939CAD86612}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BDC4922-9AC1-4B07-A353-00FAB42E4170}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9D6E20A9-10F6-42A4-8403-1BC31B77B241}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{9D98E990-C19D-4F98-98A9-1CBED704874E}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{9E8D99DC-1C1E-4C14-BF5D-D7CB03768709}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{9FD76A0D-C898-49D6-BC6C-2550491DC450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A393DB73-51AF-4804-B6ED-9AC47F71A4C9}" = protocol=6 | dir=in | app=f:\magicjack.exe |
"{A3B7047C-88BB-4C46-8635-B513FC56191A}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{A4A230D8-3309-46A5-9896-1A2A466106F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A556C65E-6F2A-4AFB-9862-C3BE1E090FCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A72FCB45-216E-45B3-999C-851963CF526A}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{AA84B0FC-1E52-46D2-9CFC-B77E09017365}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{B02BA571-E623-47F6-ACC9-7FEF4C26ACF6}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{B69029B2-A597-45F7-975A-81A2BCD32939}" = protocol=6 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{B793D141-BE4F-4531-84D1-8CD08735EC5D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{BA5EEAC4-BBD4-4655-BAE8-94F3EE16812F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BADE10F0-D2D9-4451-9C10-4EE9D7429246}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{C0E11B1E-5BAA-4643-AA01-B995F8D8B6F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1426FB8-1465-43CE-8701-D442BD713804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1DD3982-4297-4CF1-A531-D5689BBE943D}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2679D44-8051-4A03-83AE-55AA0C1D9BE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5B1BBB9-0312-4A19-9E8B-92B5F1C2E443}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C91578BC-5964-4F67-833C-A067298FAD53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C974A6FA-59C6-424B-9E4C-65802BE18D65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA489281-0370-453B-8014-8147A3D7EDF4}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{CBFCEE09-B268-40D0-9B98-8253B9881C48}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CD16783D-9DF9-470E-8A88-FA0FECD133B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE3F0F08-F5EB-46F6-AF6D-63F7D76D8B75}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe |
"{CEBBE1AF-A9AC-488D-8919-1A08F589750C}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydl.exe |
"{D9A994B7-D83E-4DD2-9477-DEA90E16B606}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DAB536E2-8738-4BDA-822A-6ABB08839AC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB1B6BF0-FB23-4ED2-888D-C6782D89782E}" = protocol=17 | dir=in | app=c:\users\athena\appdata\roaming\mjusbsp\magicjack.exe |
"{DBFFFFC7-FD07-4718-99F8-6200842F3AE6}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{DD5230C0-20C5-421B-80A9-A00D3A14482A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF6C8874-08D1-454E-B74A-7B150B6E2900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0A69F3F-BD3D-4956-AACF-A71769EEC3C7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E2E5E4DD-C44D-42DD-96B5-4ECE172438B1}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E4C2FD8A-3EE3-4E31-B28F-6A89F796C628}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E68A7CEC-28BC-42DB-B3BE-172902CE0B87}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{E87B19EB-142D-43AC-A0B5-91093090286C}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E96A8F53-9ECF-4F07-849C-9D400BAD9C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF145C90-9629-425D-99E5-7C5820E365BE}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F04523A0-0A1A-49BA-82DB-E53B5E74E384}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F17B8894-4B83-4DED-88C3-760FE526505B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F3F822F8-FDC1-416E-9A67-60DBAD656703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F49D54F5-3671-486E-9066-7EDB53DB57D7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F60402A0-E74A-4084-8C77-C452FDC16112}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F87084DD-4514-4A46-A74B-8D85DB397BFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A5A12E-71EB-41A5-A218-EA33AF1526CE}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F9C2557B-2A2A-489E-AD90-DF4790557E78}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD5308F5-6852-4BBF-9959-59EA78EAEE37}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17DD30CE-F0AF-4E46-97EE-DEDD59BD6FA0}" = MAGIX Music Maker MX Premium Download Version (Instrument package 1)
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25A3AFB2-BED8-477E-95C0-28ECDEE1D630}" = MAGIX Music Maker MX Premium Download Version (Instrument package 2)
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A61ACAF-29F5-4939-88DE-E2EF0647A4E7}" = MAGIX Music Maker MX Premium Download Version (Instrument package 3)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5C19F599-20AD-4A27-8EB4-1B7121D4F603}" = MAGIX Music Maker MX Premium Download Version (Sound package)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4A3F-8D19-342A89631E0A}_is1" = Wav to Mp3 Converter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E890D16-5CB9-4F18-BAA1-CCD0A543CAE5}" = MAGIX Music Maker MX Premium Download Version
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994359E8-D614-4CC6-84DB-415C27D2BA12}" = MAGIX Screenshare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F94695-C59F-4BF1-A9C5-370DCCE8364D}_is1" = X2X Free Video Audio Merger 2.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBCB66BD-328F-421C-96BA-8E66C7B69336}" = MAGIX Speed burnR (MSI)
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"Bryce 5" = Bryce(R) 5
"CCleaner" = CCleaner
"Color Schemes" = Color Schemes
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"EMCO Malware Destroyer_is1" = EMCO Malware Destroyer
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free Audio Editor" = Free Audio Editor
"Free Convert ASF WMV to AVI MP4 3GP Converter_is1" = Free Convert ASF WMV to AVI MP4 3GP Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{216107C4-4993-43F3-AA7A-D0508878C102}" = Canon DV TWAIN Driver 6.3.0
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"LManager" = Launch Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"OneClick Cleaner_is1" = OneClick Cleaner
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Poser 6" = Poser 6
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VoipCheapCom_is1" = VoipCheapCom
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2012 6:26:01 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/8/2012 6:36:40 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/8/2012 6:36:40 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/8/2012 6:36:40 AM | Computer Name = Athena-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2012 4:01:09 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2012 5:58:45 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2012 6:06:07 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2012 11:36:58 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2012 11:41:06 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/9/2012 11:55:48 AM | Computer Name = Athena-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/19/2011 12:34:42 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/28/2011 3:51:15 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection


Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 83
Description = Event Info: Exception opening connection to database. Program Guide
info not available. Data may be corrupt. Windows Media Center could not load the
Guide. Please restart the computer and try again. If the problem persists, see
Help for more information. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Database.GuideDbConnection


Error - 6/28/2011 3:51:21 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Unable to initialize connection to the database. Process:
DefaultDomain Object Name: Media Center Guide

Error - 7/11/2011 9:31:20 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/12/2011 4:17:43 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/16/2011 11:30:59 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/19/2011 8:55:05 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/29/2011 1:32:33 PM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/14/2011 11:32:28 AM | Computer Name = Athena-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 12/16/2009 12:54:07 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 472 seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/5/2011 5:09:27 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/16/2011 3:29:21 PM | Computer Name = Athena-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17866
seconds with 14100 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/9/2012 11:36:59 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2012 11:37:07 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/9/2012 11:39:46 AM | Computer Name = Athena-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.5 for the Network Card with network
address 00234E729955 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/9/2012 11:41:07 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2012 11:41:07 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2012 11:41:16 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/9/2012 11:51:01 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 5/9/2012 11:55:49 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2012 11:55:49 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/9/2012 11:55:49 AM | Computer Name = Athena-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Ok what shall I do next?
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 9th, 2012, 1:23 pm

Hi Gowton,
Good work you're doing great, your logs look much better.
We need to run one more fix, once done let me know if you are experiencing any problems now.

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-4292145869-839141467-1624706230-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [clearallrestorepoints]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Suspected Malware on Laptop

Unread postby Gowton » May 9th, 2012, 2:22 pm

Hi again. Here's my log:


All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-4292145869-839141467-1624706230-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Athena\Desktop\cmd.bat deleted successfully.
C:\Users\Athena\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Athena
->Temp folder emptied: 32586 bytes
->Temporary Internet Files folder emptied: 64277 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7010140 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120840 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05092012_191332

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


So far so good. I haven't had a problem with the connection for a while now, and the speed has improved immensely. Does this mean it's clean now?
Gowton
Regular Member
 
Posts: 17
Joined: May 6th, 2012, 6:12 am

Re: Suspected Malware on Laptop

Unread postby Cypher » May 10th, 2012, 5:57 am

Hi Gowton,
So far so good. I haven't had a problem with the connection for a while now, and the speed has improved immensely.

Excellent.
Does this mean it's clean now?

Yes, your latest set of logs appear to be clean so you are good to go.
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right click on OTL.exe And select Run as administrator to run it.
  • This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware