Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Virus.. Need some help.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Virus.. Need some help.

Unread postby queenoftheflock » June 9th, 2011, 10:10 pm

My AVG runs on a regular schedule. Last night it picked up that there were a 30 infections. They all appear similar to what is copied just below:

"Object name";"C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe"
"Detection name";"Virus found Win32/Heur.dropper"
"Object type";"file"
"SDK Type";"Core"
"Result";"Infected"
"Action history";""


Some of these moved to the virus vault but some didn't. They all seem to be in games too.. and some of these games are games that came with the computer in the first place.

I hadn't really noticed anything strange before now.

Here is the DDS

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by SplishSplash at 22:03:20 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5880.3979 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\CSHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Common Files\AOL\1279433697\ee\aolsoftware.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Google Update] "C:\Users\SplishSplash\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279433697\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{452AA06E-271D-43C8-AD8B-E8429C5EDAF1} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B}\37869627C65697 : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: CrowdStar Gamebar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: CrowdStar Gamebar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279433697\ee\AOLSoftware.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-7-31 266240]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-8 366640]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-9 947528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-09 02:03:23 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Malwarebytes
2011-06-09 02:03:16 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-09 02:03:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-09 02:03:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-09 02:03:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 20:02:45 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Phantasmat_bf_se1
2011-05-25 23:13:01 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 16:31:21 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Colibri Games
2011-05-21 16:31:21 -------- d-----w- C:\ProgramData\Colibri Games
2011-05-20 11:02:23 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-20 11:02:23 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-16 02:23:55 -------- d-----w- C:\Program Files (x86)\The Tiny Bang Story
2011-05-14 03:04:12 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-14 03:04:11 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-14 03:04:10 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-05-07 18:57:42 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-15 01:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-08 01:32:03 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2011-04-05 04:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 20:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
.
============= FINISH: 22:03:57.31 ===============


and here is the Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2010 9:21:36 PM
System Uptime: 6/9/2011 9:35:59 PM (1 hours ago)
.
Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 188.251 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.399 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 4/27/2011 5:03:25 PM - Windows Update
RP104: 5/7/2011 2:43:28 PM - HPSF Restore Point
RP105: 5/7/2011 2:51:23 PM - Installed Java(TM) 6 Update 25
RP106: 5/7/2011 2:54:22 PM - Removed Java(TM) 6 Update 25
RP107: 5/7/2011 2:57:24 PM - Installed Java(TM) 6 Update 25
RP108: 5/13/2011 11:00:20 PM - Windows Update
RP109: 5/13/2011 11:30:37 PM - Windows Update
RP110: 5/20/2011 7:12:22 AM - Windows Update
RP111: 5/25/2011 8:21:00 PM - Windows Update
RP112: 6/4/2011 5:11:39 PM - Scheduled Checkpoint
RP113: 6/5/2011 10:10:28 PM - HPSF Restore Point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
AGEIA PhysX v2.6.0
AIM 7
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.10
AMD USB Filter Driver
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ArtistScope Plugin FX
Ask Toolbar
AudibleManager
Avenue Flo
Avenue Flo: Special Delivery
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Bar
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
Drawn: Dark Flight &reg;
Drawn: The Painted Tower ™
Dream Chronicles: The Book of Air
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
DVD Shrink 3.2
EA Download Manager
Escape Rosecliff Island
Faerie Solitaire
FATE
ffdshow [rev 2527] [2008-12-19]
Gardenscapes
Garmin City Navigator North America NT 2011.30 Update
Golden Trails: The New Western Rush
Google Chrome
Google Earth
Google Update Helper
Hello Kitty Online POD Installer
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 25
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
MagiQuest Online (remove only)
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Age of Empires II
Microsoft Corporation
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Research AutoCollage 2008 version 1.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
MotoConnect 1.1.31
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files &reg;: Dire Grove ™
Mystery Case Files: Return to Ravenhearst ™
Mystery P.I. - The New York Fortune
Penguins!
Phantasmat
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Redemption Cemetery: Curse of the Raven
Roxio CinemaNow 2.0
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.1
TextTwist 2
The Sims™ 3
The Tiny Bang Story
ToneThis
Trillian
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
Verizon V CAST Media Manager
Viewpoint Media Player
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zoosk Messenger
Zuma's Revenge
.
==== End Of File ===========================



Thank you so very much for your help!
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm
Advertisement
Register to Remove

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 13th, 2011, 7:23 am

Hi queenoftheflock,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.

I am currently working under the guidance of the MRU teachers, everything I post to you, will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much.
;)

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
    !
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 15th, 2011, 10:56 am

Hi queenoftheflock,

Apologies for the delay in responding and thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
Rkill

Firstly we will try to stop any active rogue processes that may interfere with the cleanup attempt:

  1. Please download Rkill by Grinler. Save it to your Desktop.
    Alternate download links are available as follows: Two, Three or Four.
    Note: If your security software warns about Rkill, please ignore and allow the download to continue.
  2. Double-click on the Rkill Desktop icon.
    Vista - W7 users: Right-click on the Rkill Desktop icon and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. A command window will open then disappear upon completion, this is normal.
    • If this does not happen, delete the file, then download and use the next alternative link provided.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know.
  4. When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  5. Copy and Paste the entire contents of the rkill.log file into your next reply.
    Note: Please leave Rkill on the Desktop unless instructed otherwise.
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.

Step 3:
Uninstall Programs

There are programs instaled on your system that need to be removed. Please follow the instructions below to uninstall them.

  1. Click on Start and then click on the Start Search box in the Start Menu.
  2. Copy and Paste the following value into the open text entry box:
      control appwiz.cpl
  3. Then click on the magnifying glass symbol or press Enter.
      Depending on your current view setting, then:
    • Double-click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  4. Scroll down to locate the following program(s):

      µTorrent
      Ask Toolbar
      Conduit Engine
      McAfee Security Scan Plus
      uTorrentBar Toolbar

  5. Select the program and click on Uninstall to uninstall it.
  6. Repeat steps 3 - 4 for each program in the list.
  7. In addition, have you chosen to install/use InstallIQ Updater? If not, please uninstall that program as well.
  8. When finished Close the Control Panel window.
  9. Restart the computer to complete removal of the programs.

Step 4:
Malwarebytes' Anti-Malware

I notice you already have this program installed on your computer. ;)
First, let's check for updates and then we'll run the program.

Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.

  1. Launch Malwarebytes' Anti-Malware
    Vista - W7 users: Right-click on the Malwarebytes' Anti-Malware desktop icon and select "Run As Administrator..." to launch the program. If you receive a UAC prompt, please allow it.
  2. You will be asked to update the program before performing a scan. Please do so.
    • If an update is found, the program will automatically downoad and install the update.
    • Click on the OK button to close that box and continue.
    • If you have any problems downloading updates download them manually from here and double-click on mbam-rules.exe to complete the installation.

On the Scanner tab:
  1. Make sure the Perform quick scan option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and then click on the Start Scan button.
  4. The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will be displayed saying The scan completed successfully. Click 'Show Results' to display all objects found.
  6. Click on the OK button to close the message box and continue with the removal process.

Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder and then click on the Remove Selected button.
    The System Volume Information items will be taken care of later.
  3. When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below).
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either prompt and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 5:
aswMBR - Scan

  1. Please download aswMBR.exe © Avast Software ( 511KB ) and Save it to your Desktop.
  2. Double-click on aswMBR.exe to run the program.
    Vista - W7 users: Right-click on aswMBR.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Scan button to start the scan.
  4. On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the Save log button.
  5. You will be prompted to save a file named aswMBR.txt. Save it to your Desktop.
  6. Please Copy and Paste the contents of aswMBR.txt into your next reply.

Please Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat. This is a copy of your MBR record, before any changes are made, it can be used to recover the MBR record to it's previous condition, if problems exist after changes.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. rkill.log.
  3. mbam-log-date (time).txt.
  4. aswMBR.txt.
  5. Do you have the original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 16th, 2011, 10:08 pm

Did you have any problems carrying out the instructions?
I wasn't able to get to the uninstall using the control appwiz.cpl but I went into my control panel and was able to uninstall all except the Ask Toolbar and for some reason, I didn't see it there.
Also, I am pretty sure that rkill was saved correctly but I don't see anything for it on my desktop like the others appear. Not sure it means anything but figured I would give you all information.


rkill.log.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/16/2011 at 21:38:36.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe


Rkill completed on 06/16/2011 at 21:38:51.

mbam-log-date (time).txt.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6874

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/16/2011 9:57:30 PM
mbam-log-2011-06-16 (21-57-30).txt

Scan type: Quick scan
Objects scanned: 186876
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


aswMBR.txt.

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-16 21:59:49
-----------------------------
21:59:49.748 OS Version: Windows x64 6.1.7600
21:59:49.748 Number of processors: 4 586 0x503
21:59:49.749 ComputerName: SPLISHSPLASH3 UserName: SplishSplash
21:59:51.949 Initialize success
22:00:06.064 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
22:00:06.066 Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
22:00:08.083 Disk 0 MBR read successfully
22:00:08.085 Disk 0 MBR scan
22:00:08.086 Disk 0 unknown MBR code
22:00:08.089 Service scanning
22:00:09.096 Disk 0 trace - called modules:
22:00:09.105 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
22:00:09.107 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800622c060]
22:00:09.110 3 CLASSPNP.SYS[fffff8800187143f] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8005dc29c0]
22:00:09.113 Scan finished successfully
22:00:30.580 Disk 0 MBR has been saved successfully to "C:\Users\SplishSplash\Desktop\MBR.dat"
22:00:30.580 The log file has been saved successfully to "C:\Users\SplishSplash\Desktop\aswMBR.txt"


Do you have the original Windows installation media for your PC? I don't believe it came with physical software but I do have everything that it did come with somewhere, however I recently moved and so which box it might be packed in is hard to know at this point as maybe 1/4 of my belongings have escaped the confines of the packing boxes. By the way, thank you for your help. I am still not certain if there is anything or if AVG was picking up something weird but I wanted to make sure either way.
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 18th, 2011, 2:26 am

Hi queenoftheflock,

Thank you for all your feedback. :thumbright:

I am pretty sure that rkill was saved correctly but I don't see anything for it on my desktop like the others appear. Not sure it means anything but figured I would give you all information.
FYI, Rkill by default saves its log to C:\rkill.log rather than to the Desktop as the other tools do. ;)

Again, please read the instructions below carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
TDSSKiller

Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!

  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click on TDSSKiller.exe and select "Run As Administrator..." to launch the program. If you receive a UAC prompt, please allow it.
    If TDSSKiller does not run rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer 3 options.
    • Ensure Cure (default) is selected and then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

Step 2:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of both the DDS.txt and Attach.txt logs into your next reply.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
  3. DDS.txt.
  4. Attach.txt.
  5. How is the computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 18th, 2011, 8:10 am

Did you have any problems carrying out the instructions? Everything ran smoothly.

TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.

It didn't find anything but here is the log

2011/06/18 08:00:24.0637 4888 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/18 08:00:25.0057 4888 ================================================================================
2011/06/18 08:00:25.0057 4888 SystemInfo:
2011/06/18 08:00:25.0057 4888
2011/06/18 08:00:25.0057 4888 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/18 08:00:25.0058 4888 Product type: Workstation
2011/06/18 08:00:25.0058 4888 ComputerName: SPLISHSPLASH3
2011/06/18 08:00:25.0058 4888 UserName: SplishSplash
2011/06/18 08:00:25.0058 4888 Windows directory: C:\Windows
2011/06/18 08:00:25.0058 4888 System windows directory: C:\Windows
2011/06/18 08:00:25.0058 4888 Running under WOW64
2011/06/18 08:00:25.0058 4888 Processor architecture: Intel x64
2011/06/18 08:00:25.0058 4888 Number of processors: 4
2011/06/18 08:00:25.0058 4888 Page size: 0x1000
2011/06/18 08:00:25.0058 4888 Boot type: Normal boot
2011/06/18 08:00:25.0058 4888 ================================================================================
2011/06/18 08:00:26.0493 4888 Initialize success
2011/06/18 08:01:02.0432 3388 ================================================================================
2011/06/18 08:01:02.0432 3388 Scan started
2011/06/18 08:01:02.0432 3388 Mode: Manual;
2011/06/18 08:01:02.0432 3388 ================================================================================
2011/06/18 08:01:03.0462 3388 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/18 08:01:03.0493 3388 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/18 08:01:03.0524 3388 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/18 08:01:03.0540 3388 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/18 08:01:03.0587 3388 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/18 08:01:03.0602 3388 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/18 08:01:03.0696 3388 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/06/18 08:01:03.0743 3388 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/18 08:01:03.0821 3388 ahcix64s (b7103982196eb826be70f29405c566db) C:\Windows\system32\DRIVERS\ahcix64s.sys
2011/06/18 08:01:03.0852 3388 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/18 08:01:03.0883 3388 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/18 08:01:03.0914 3388 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/18 08:01:04.0039 3388 amdkmdag (1147f8816d4ddc9fc43a40df52f40500) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/06/18 08:01:04.0195 3388 amdkmdap (ebc963d8f5b04c98f5ef597aae79cddd) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/18 08:01:04.0226 3388 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/18 08:01:04.0242 3388 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/18 08:01:04.0273 3388 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/18 08:01:04.0289 3388 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/18 08:01:04.0351 3388 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/18 08:01:04.0367 3388 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/18 08:01:04.0398 3388 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/18 08:01:04.0414 3388 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/18 08:01:04.0445 3388 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/18 08:01:04.0476 3388 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
2011/06/18 08:01:04.0585 3388 AVGIDSDriver (eee718457f24f2154f23a7fad1a0cea3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/18 08:01:04.0601 3388 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/18 08:01:04.0632 3388 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/18 08:01:04.0679 3388 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/06/18 08:01:04.0694 3388 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/06/18 08:01:04.0772 3388 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/06/18 08:01:04.0850 3388 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/06/18 08:01:04.0913 3388 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/18 08:01:04.0960 3388 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/18 08:01:05.0006 3388 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/18 08:01:05.0053 3388 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/18 08:01:05.0116 3388 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/18 08:01:05.0147 3388 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/18 08:01:05.0162 3388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/18 08:01:05.0178 3388 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/18 08:01:05.0209 3388 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/18 08:01:05.0240 3388 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/18 08:01:05.0256 3388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/18 08:01:05.0272 3388 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/18 08:01:05.0318 3388 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/18 08:01:05.0365 3388 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/18 08:01:05.0412 3388 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/18 08:01:05.0459 3388 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/18 08:01:05.0506 3388 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/18 08:01:05.0537 3388 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/18 08:01:05.0568 3388 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/18 08:01:05.0584 3388 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/18 08:01:05.0630 3388 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/18 08:01:05.0662 3388 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/18 08:01:05.0771 3388 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/06/18 08:01:05.0802 3388 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/18 08:01:05.0818 3388 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/18 08:01:05.0880 3388 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/18 08:01:05.0958 3388 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/18 08:01:06.0052 3388 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/18 08:01:06.0192 3388 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/18 08:01:06.0223 3388 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/18 08:01:06.0254 3388 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/18 08:01:06.0270 3388 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/18 08:01:06.0364 3388 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/18 08:01:06.0442 3388 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/18 08:01:06.0457 3388 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/18 08:01:06.0488 3388 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/18 08:01:06.0520 3388 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/18 08:01:06.0551 3388 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/18 08:01:06.0629 3388 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/18 08:01:06.0660 3388 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/18 08:01:06.0691 3388 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/18 08:01:06.0722 3388 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/18 08:01:06.0785 3388 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/18 08:01:06.0816 3388 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/18 08:01:06.0847 3388 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/18 08:01:06.0878 3388 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/18 08:01:06.0894 3388 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/18 08:01:06.0925 3388 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/18 08:01:06.0941 3388 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/18 08:01:07.0019 3388 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/18 08:01:07.0081 3388 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/18 08:01:07.0112 3388 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/18 08:01:07.0144 3388 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/18 08:01:07.0190 3388 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/06/18 08:01:07.0237 3388 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/18 08:01:07.0315 3388 IntcAzAudAddService (28ceefbd2c63f91dc17ded3e8d27ecf5) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/18 08:01:07.0378 3388 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/18 08:01:07.0409 3388 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/18 08:01:07.0456 3388 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/18 08:01:07.0487 3388 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/18 08:01:07.0518 3388 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/18 08:01:07.0549 3388 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/18 08:01:07.0580 3388 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/18 08:01:07.0612 3388 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/18 08:01:07.0627 3388 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/18 08:01:07.0658 3388 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/18 08:01:07.0721 3388 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/18 08:01:07.0768 3388 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/18 08:01:07.0783 3388 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/18 08:01:07.0846 3388 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/18 08:01:07.0877 3388 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/18 08:01:07.0908 3388 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/18 08:01:07.0939 3388 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/18 08:01:07.0955 3388 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/18 08:01:07.0986 3388 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/18 08:01:08.0080 3388 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys
2011/06/18 08:01:08.0126 3388 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/18 08:01:08.0142 3388 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/18 08:01:08.0173 3388 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/18 08:01:08.0267 3388 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/18 08:01:08.0314 3388 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/18 08:01:08.0329 3388 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/18 08:01:08.0392 3388 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/18 08:01:08.0407 3388 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/18 08:01:08.0423 3388 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/18 08:01:08.0454 3388 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/18 08:01:08.0516 3388 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/18 08:01:08.0579 3388 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/18 08:01:08.0594 3388 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/18 08:01:08.0610 3388 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/18 08:01:08.0657 3388 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/18 08:01:08.0688 3388 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/18 08:01:08.0719 3388 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/18 08:01:08.0782 3388 MSHUSBVideo (26668cc2920de2497a8e369b16e48ca3) C:\Windows\system32\Drivers\nx6000.sys
2011/06/18 08:01:08.0797 3388 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/18 08:01:08.0828 3388 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/18 08:01:08.0844 3388 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/18 08:01:08.0860 3388 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/18 08:01:08.0891 3388 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/18 08:01:08.0906 3388 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/18 08:01:08.0938 3388 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/18 08:01:08.0953 3388 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/18 08:01:08.0984 3388 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/18 08:01:09.0047 3388 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/18 08:01:09.0094 3388 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/18 08:01:09.0125 3388 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/18 08:01:09.0156 3388 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/18 08:01:09.0187 3388 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/18 08:01:09.0218 3388 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/18 08:01:09.0234 3388 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/18 08:01:09.0281 3388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/18 08:01:09.0312 3388 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/18 08:01:09.0374 3388 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
2011/06/18 08:01:09.0421 3388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/18 08:01:09.0452 3388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/18 08:01:09.0468 3388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/18 08:01:09.0562 3388 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/06/18 08:01:09.0624 3388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/18 08:01:09.0671 3388 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/06/18 08:01:09.0718 3388 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/06/18 08:01:09.0796 3388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/18 08:01:09.0842 3388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/18 08:01:09.0905 3388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/18 08:01:09.0920 3388 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/18 08:01:09.0952 3388 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/18 08:01:09.0983 3388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/18 08:01:10.0014 3388 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/18 08:01:10.0030 3388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/18 08:01:10.0061 3388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/18 08:01:10.0139 3388 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/18 08:01:10.0154 3388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/18 08:01:10.0201 3388 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/18 08:01:10.0248 3388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/18 08:01:10.0295 3388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/18 08:01:10.0326 3388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/18 08:01:10.0342 3388 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/18 08:01:10.0373 3388 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/18 08:01:10.0404 3388 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/18 08:01:10.0420 3388 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/18 08:01:10.0451 3388 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/18 08:01:10.0466 3388 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/18 08:01:10.0498 3388 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/18 08:01:10.0513 3388 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/18 08:01:10.0544 3388 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/18 08:01:10.0576 3388 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/18 08:01:10.0607 3388 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/18 08:01:10.0638 3388 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/18 08:01:10.0716 3388 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/18 08:01:10.0763 3388 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/18 08:01:10.0810 3388 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/18 08:01:10.0841 3388 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/18 08:01:10.0872 3388 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
2011/06/18 08:01:10.0919 3388 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/18 08:01:10.0934 3388 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/18 08:01:10.0981 3388 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/18 08:01:11.0059 3388 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/18 08:01:11.0090 3388 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/18 08:01:11.0106 3388 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/18 08:01:11.0137 3388 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/18 08:01:11.0184 3388 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/18 08:01:11.0200 3388 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/18 08:01:11.0231 3388 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/18 08:01:11.0278 3388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/18 08:01:11.0356 3388 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/06/18 08:01:11.0449 3388 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/18 08:01:11.0512 3388 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/18 08:01:11.0558 3388 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/18 08:01:11.0590 3388 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/18 08:01:11.0714 3388 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/06/18 08:01:11.0777 3388 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/18 08:01:11.0839 3388 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/18 08:01:11.0870 3388 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/18 08:01:11.0886 3388 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/18 08:01:11.0917 3388 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/18 08:01:11.0917 3388 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/18 08:01:11.0964 3388 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/18 08:01:11.0995 3388 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/18 08:01:12.0026 3388 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/18 08:01:12.0042 3388 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/18 08:01:12.0089 3388 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/18 08:01:12.0104 3388 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/18 08:01:12.0151 3388 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/18 08:01:12.0229 3388 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/06/18 08:01:12.0245 3388 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/18 08:01:12.0276 3388 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/18 08:01:12.0292 3388 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/18 08:01:12.0338 3388 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/18 08:01:12.0354 3388 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/18 08:01:12.0370 3388 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/18 08:01:12.0401 3388 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/18 08:01:12.0448 3388 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/18 08:01:12.0463 3388 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/18 08:01:12.0526 3388 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/18 08:01:12.0557 3388 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/18 08:01:12.0604 3388 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/18 08:01:12.0635 3388 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/18 08:01:12.0650 3388 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/18 08:01:12.0682 3388 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/18 08:01:12.0713 3388 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/18 08:01:12.0728 3388 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/18 08:01:12.0760 3388 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/18 08:01:12.0791 3388 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/18 08:01:12.0806 3388 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/18 08:01:12.0838 3388 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/18 08:01:12.0884 3388 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/18 08:01:12.0916 3388 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/18 08:01:12.0947 3388 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/18 08:01:12.0978 3388 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/18 08:01:13.0009 3388 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
2011/06/18 08:01:13.0056 3388 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/18 08:01:13.0087 3388 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/18 08:01:13.0150 3388 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/18 08:01:13.0165 3388 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/18 08:01:13.0228 3388 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/18 08:01:13.0274 3388 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/18 08:01:13.0321 3388 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/18 08:01:13.0352 3388 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/18 08:01:13.0384 3388 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/18 08:01:13.0415 3388 MBR (0x1B8) (05a9b2e4056a863b0ac16384e91f5aac) \Device\Harddisk0\DR0
2011/06/18 08:01:13.0586 3388 ================================================================================
2011/06/18 08:01:13.0586 3388 Scan finished
2011/06/18 08:01:13.0586 3388 ================================================================================
2011/06/18 08:01:13.0602 1228 Detected object count: 0
2011/06/18 08:01:13.0602 1228 Actual detected object count: 0

DDS.txt.
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by SplishSplash at 8:05:22 on 2011-06-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5880.3977 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\CSHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\AOL\1279433697\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\AOL\1279433697\ee\aolupdates.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Google Update] "C:\Users\SplishSplash\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279433697\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{452AA06E-271D-43C8-AD8B-E8429C5EDAF1} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B}\37869627C65697 : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: CrowdStar Gamebar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: CrowdStar Gamebar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279433697\ee\AOLSoftware.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-7-31 266240]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-8 366640]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-9 1025352]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-17 04:58:02 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-17 04:56:56 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-17 04:56:56 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-09 02:03:23 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Malwarebytes
2011-06-09 02:03:16 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-09 02:03:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-09 02:03:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-09 02:03:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 20:02:45 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Phantasmat_bf_se1
2011-05-25 23:13:01 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 16:31:21 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Colibri Games
2011-05-21 16:31:21 -------- d-----w- C:\ProgramData\Colibri Games
2011-05-20 11:02:23 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-20 11:02:23 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-07 18:57:42 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-15 01:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-08 01:32:03 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2011-04-05 04:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 8:06:02.99 ===============


Attach.txt.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2010 9:21:36 PM
System Uptime: 6/17/2011 3:29:47 AM (29 hours ago)
.
Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 187.522 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.399 GiB free.
E: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP110: 5/20/2011 7:12:22 AM - Windows Update
RP111: 5/25/2011 8:21:00 PM - Windows Update
RP112: 6/4/2011 5:11:39 PM - Scheduled Checkpoint
RP113: 6/5/2011 10:10:28 PM - HPSF Restore Point
RP114: 6/13/2011 12:00:02 AM - Scheduled Checkpoint
RP115: 6/15/2011 8:10:06 PM - Windows Backup
RP116: 6/16/2011 9:36:30 PM - MWURestorePoint
RP117: 6/16/2011 9:46:55 PM - Removed InstallIQ Updater
RP118: 6/17/2011 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
AGEIA PhysX v2.6.0
AIM 7
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.10
AMD USB Filter Driver
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ArtistScope Plugin FX
Ask Toolbar
AudibleManager
Avenue Flo
Avenue Flo: Special Delivery
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Bar
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
Drawn: Dark Flight &reg;
Drawn: The Painted Tower ™
Dream Chronicles: The Book of Air
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
DVD Shrink 3.2
EA Download Manager
Escape Rosecliff Island
Faerie Solitaire
FATE
ffdshow [rev 2527] [2008-12-19]
Gardenscapes
Garmin City Navigator North America NT 2011.30 Update
Golden Trails: The New Western Rush
Google Chrome
Google Earth
Google Update Helper
Hello Kitty Online POD Installer
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 25
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
MagiQuest Online (remove only)
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft Age of Empires II
Microsoft Corporation
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Research AutoCollage 2008 version 1.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
MotoConnect 1.1.31
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files &reg;: Dire Grove ™
Mystery Case Files: Return to Ravenhearst ™
Mystery P.I. - The New York Fortune
Penguins!
Phantasmat
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Redemption Cemetery: Curse of the Raven
Roxio CinemaNow 2.0
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.1
TextTwist 2
The Sims™ 3
The Tiny Bang Story
ToneThis
Trillian
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon V CAST Media Manager
Viewpoint Media Player
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zoosk Messenger
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/17/2011 3:09:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/17/2011 3:09:43 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

How is the computer now running? Computer is running fine. I havent used AVG since I started this process with you and that's where I was seeing that the viruses existed. Nothing else has shown this though so I am wondering if it isn't some kind of false positive on the AVG scan. Your thoughts?

And thank you again for your help!
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 20th, 2011, 3:55 pm

Hi queenoftheflock,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
OTL - Scan

Please download OTL.exe by Old Timer and Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop.

  1. Double-click on OTL.exe to run the program. Keep all other windows closed and let OTL run uninterrupted.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  2. When the window appears, under Output at the top of the window, make sure Minimal Output is selected.
  3. In the Standard Registry section make sure the All option is selected.
  4. Check both the LOP Check and Purity Check options.
  5. Copy the contents of the codebox below by highlighting the text and pressing Ctrl + C on the keyboard:

    Code: Select all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  6. Click in the Custom Scan area at the bottom of the window and press Ctrl + V on the keyboard to paste the above.
  7. Then click on the Run Scan button. The scan won't take long.
  8. When the scan has completed, Notepad will automatically open the following log files: OTL.txt and Extras.txt. These will be saved in the same location as OTL.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  9. Please post the contents of both OTL.txt and Extras.txt files into your next reply.

Step 2:
ESET NOD32 Online Scan

Note: Either Internet Explorer or Mozilla FireFox can be used for this scan. However, you will need to disable your currently installed Anti-Virus software. Reference on how to do this can be read here.

Vista - W7 users: Close your browser, right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator".

  1. Please go to ESET Online Scanner - © ESET (All Rights Reserved) to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  2. Check the box next to "Yes, I accept the Terms of Use."
  3. Then click on the Start button.
    A window will open. It may appear nothing is happening, but please be patient.
  4. When prompted allow the Add-On/Active X to install.
  5. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  6. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  7. Click on the Start button.
  8. The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  9. When completed the Online Scan will begin automatically.
  10. Do not touch either the Mouse or Keyboard during the scan otherwise it may stall. It may take a while so, again, please be patient.
  11. When scan is completed, select Uninstall application on close if you so wish. Make sure you copy the logfile first!
  12. Then click on the Finish button.
  13. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
  14. Copy and Paste the entire contents of log.txt into your next reply.

Remember to re-enable your Anti-virus application after running the above scan!

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL.txt.
  3. Extras.txt.
  4. log.txt.
  5. How is your computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 21st, 2011, 6:53 pm

Step 3:
Include in Next Post

Did you have any problems carrying out the instructions?
OTL.txt.

OTL logfile created on: 6/20/2011 10:33:14 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\SplishSplash\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.74 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 70.27% Memory free
11.48 Gb Paging File | 9.64 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.75 Gb Total Space | 187.27 Gb Free Space | 20.36% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.10 Gb Free Space | 2.37% Space Free | Partition Type: UDF

Computer Name: SPLISHSPLASH3 | User Name: SplishSplash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SplishSplash\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\CSHelper.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files (x86)\Common Files\AOL\1279433697\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\SplishSplash\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (CSHelper) -- C:\Windows\SysWOW64\CSHelper.exe ()
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (wanatw) WAN Miniport (ATW) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com"
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/11 08:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/02 22:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/08 09:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/08 16:00:00 | 000,000,000 | ---D | M]

[2010/07/12 21:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Extensions
[2010/07/12 21:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/02 22:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions
[2010/12/04 11:07:59 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/08 16:06:45 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/05/27 23:40:41 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/05/14 21:07:00 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/03/31 18:49:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/14 09:10:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com
[2011/06/04 17:06:16 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com
[2010/07/18 12:09:56 | 000,002,277 | ---- | M] () -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\aol-search.xml
[2011/06/20 22:27:25 | 000,002,567 | ---- | M] () -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\askcom.xml
[2010/06/08 11:31:24 | 000,000,923 | ---- | M] () -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\conduit.xml
[2011/05/08 09:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/08 09:42:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/05 09:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 19:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/08 12:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 23:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 14:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/02 22:37:07 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/06/11 08:45:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\SPLISHSPLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HPR75P9V.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 01:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2011/05/07 14:57:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/07 17:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 17:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/04/14 03:39:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/18 01:11:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/11 11:09:31 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279433697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\SplishSplash\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/15 20:58:08 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2011/06/15 20:58:08 | 000,000,133 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{480ff71f-964a-11df-baeb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{480ff71f-964a-11df-baeb-00038a000015}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O33 - MountPoints2\{69c54400-009c-11e0-ba7b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{69c54400-009c-11e0-ba7b-00038a000015}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 22:29:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\SplishSplash\Desktop\OTL.exe
[2011/06/17 00:57:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 00:57:25 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 00:57:24 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 00:57:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/17 00:57:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 00:57:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 00:57:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 00:57:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 00:57:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 00:57:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 00:57:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/17 00:57:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 00:57:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 00:57:21 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 00:57:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/06/17 00:57:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/06/17 00:57:12 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/08 22:03:23 | 000,000,000 | ---D | C] -- C:\Users\SplishSplash\AppData\Roaming\Malwarebytes
[2011/06/08 22:03:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/08 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/08 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/08 22:03:13 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/08 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/28 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\SplishSplash\AppData\Roaming\Phantasmat_bf_se1
[2011/05/25 19:13:01 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 22:34:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 22:34:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 22:32:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 22:31:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/20 22:31:18 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/20 22:31:18 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/20 22:29:54 | 119,279,309 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/06/20 22:29:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\SplishSplash\Desktop\OTL.exe
[2011/06/20 22:26:43 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 22:26:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/20 22:26:05 | 329,166,847 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 23:40:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4217407340-3440351950-3749459695-1001UA.job
[2011/06/17 20:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4217407340-3440351950-3749459695-1001Core.job
[2011/06/17 03:31:17 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSplishSplash.job
[2011/06/17 03:31:04 | 000,360,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/16 22:00:30 | 000,000,512 | ---- | M] () -- C:\Users\SplishSplash\Desktop\MBR.dat
[2011/06/15 20:04:16 | 000,002,445 | ---- | M] () -- C:\Users\SplishSplash\Desktop\Google Chrome.lnk
[2011/06/14 21:40:06 | 000,229,038 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/06/08 22:03:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 22:37:07 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 22:00:30 | 000,000,512 | ---- | C] () -- C:\Users\SplishSplash\Desktop\MBR.dat
[2011/06/08 22:03:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 01:12:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/26 23:30:14 | 000,005,632 | ---- | C] () -- C:\Users\SplishSplash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 19:25:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/31 17:45:55 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\CSHelper.exe
[2010/07/18 00:43:38 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/11 21:38:06 | 000,000,386 | ---- | C] () -- C:\Users\SplishSplash\AppData\Roaming\wklnhst.dat
[2010/05/10 18:45:48 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/10 18:14:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/05/10 18:02:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/28 15:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2006/09/26 15:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006/09/08 10:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2000/09/19 20:55:00 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2010/07/12 21:43:40 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\acccore
[2010/11/26 01:53:14 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Amazon
[2010/10/20 07:30:06 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\AVG10
[2010/07/17 11:54:24 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Awem
[2010/07/17 17:27:23 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\BackTalk
[2011/04/03 09:51:39 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Big Fish Games
[2011/05/21 12:31:21 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Colibri Games
[2011/02/13 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/07/18 11:03:06 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\DigirononGames
[2010/08/29 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\ERS Game Studios
[2010/12/04 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\GARMIN
[2010/09/04 19:28:49 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Ludia
[2011/05/28 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Phantasmat_bf_se1
[2010/07/11 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\PictureMover
[2010/11/21 16:24:07 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\PlayFirst
[2011/01/23 22:23:55 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Playrix Entertainment
[2010/07/28 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\SecondLife
[2010/08/05 21:45:28 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Template
[2010/12/23 23:19:21 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Trillian
[2011/06/16 21:42:24 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\uTorrent
[2010/07/11 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\WildTangent
[2010/07/20 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\WinBatch
[2010/10/24 00:05:57 | 000,000,000 | ---D | M] -- C:\Users\SplishSplash\AppData\Roaming\Windows Live Writer
[2010/10/31 14:20:30 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/20 22:26:22 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/06/06 17:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:B54E4B5A
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:0BBF232A
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:05F547A9
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:D8F9D810
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:268BA8AB
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:14362DF8
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:BCDBBA6D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:98F6F85C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:B5988350

< End of report >

Extras.txt.

OTL Extras logfile created on: 6/20/2011 10:33:14 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\SplishSplash\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.74 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 70.27% Memory free
11.48 Gb Paging File | 9.64 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.75 Gb Total Space | 187.27 Gb Free Space | 20.36% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.10 Gb Free Space | 2.37% Space Free | Partition Type: UDF

Computer Name: SPLISHSPLASH3 | User Name: SplishSplash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{481A433E-2DB0-4650-9CEC-BE02413DF815}" = AVG 2011
"{4ACA6F0A-97D9-4CD0-9F66-2CFB30A97E3C}" = Microsoft Image Composite Editor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB4F0BE4-3DCB-4C5C-8B2B-C07CC916A6B5}" = AVG 2011
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20556CF2-5506-4965-A0C2-A70B66FB01B1}_is1" = Hello Kitty Online POD Installer
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C505742A-0F8E-467B-8763-31588A777BC2}" = Garmin City Navigator North America NT 2011.30 Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE97E5F6-DA28-5C2E-D7C5-A960DC755899}" = Zoosk Messenger
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"AudibleManager" = AudibleManager
"BFG-Avenue Flo" = Avenue Flo
"BFG-Avenue Flo - Special Delivery" = Avenue Flo: Special Delivery
"BFGC" = Big Fish Games: Game Manager
"BFG-Drawn - Dark Flight" = Drawn: Dark Flight &reg;
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"BFG-Dream Chronicles - The Book of Air" = Dream Chronicles: The Book of Air
"BFG-Gardenscapes" = Gardenscapes
"BFG-Golden Trails The New Western Rush" = Golden Trails: The New Western Rush
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files &reg;: Dire Grove ™
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Phantasmat" = Phantasmat
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-The Tiny Bang Story" = The Tiny Bang Story
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MQOnline" = MagiQuest Online (remove only)
"My HP Game Console" = HP Game Console
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ToneThis" = ToneThis
"Trillian" = Trillian
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

log.txt.

I hope this is what you were wanting. I didn't see any other logs.

C:\Users\SplishSplash\AppData\Local\Temp\jar_cache1465190934333121395.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan
C:\Users\SplishSplash\AppData\Local\Temp\jar_cache8842031354684700519.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan
C:\Users\SplishSplash\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\290a52e3-3c49ad94 multiple threats
C:\Users\SplishSplash\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-5965ccda a variant of Java/TrojanDownloader.OpenStream.NBF trojan

How is your computer now running?

It seems to be running ok. I am concerned seeing the Java viruses as I had another virus on Java a while back but AVG cleaned it right up, or at least I thought it did.

Thank you again for all of your help.
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 24th, 2011, 6:00 am

Hi queenoftheflock,

Apolgies for the delay in getting back to you and thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
Uninstall Programs

  1. Click on Start and then click on the Start Search box in the Start Menu.
  2. Copy and Paste the following value into the open text entry box:
      control appwiz.cpl
      or
      shell:ChangeRemoveProgramsFolder
  3. Then click on the magnifying glass symbol or press Enter.
      Depending on your current view setting, then:
    • Double-click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  4. Scroll down to locate the following program(s):

      Java Auto Updater

  5. Select the program and click on Uninstall to uninstall it.
  6. Repeat steps 3 - 4 for each program in the list.
  7. When finished Close the Control Panel window.
  8. Restart the computer to complete removal of the programs.

Step 3:
OTL - Script

Next we need to run an OTL Fix.

  • Double-click OTL.exe to launch the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  • Copy and Paste the following code into the Custom Fixes textbox. Do not include the word Code.
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com"
    FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com <mailto:toolbar@ask.com>:3.11.3.15590
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2011/05/27 23:40:41 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/05/14 21:07:00 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    [2011/03/31 18:49:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/05/14 09:10:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com
    [2011/06/04 17:06:16 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com
    [2011/06/20 22:27:25 | 000,002,567 | ---- | M] () -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\askcom.xml
    [2010/06/08 11:31:24 | 000,000,923 | ---- | M] () -- C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\conduit.xml
    [2010/09/05 09:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/19 19:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/08 12:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/14 23:04:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKCU..\Run: [EA Core] File not found
    O4 - HKCU..\Run: [Google Update] C:\Users\SplishSplash\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab <http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab> (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab <http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab> (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab <http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab> (Java Plug-in 1.6.0_25)
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:0E22C5DB
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:B54E4B5A
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:0BBF232A
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:05F547A9
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:D8F9D810
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:A02025CE
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:268BA8AB
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:C22674B6
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:AFB24B00
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:A4AF8D0D
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:14362DF8
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:F84B8DB5
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:BCDBBA6D
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:98F6F85C
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:B5988350
    
    :files
    C:\Program Files (x86)\Ask.com
    C:\Users\SplishSplash\AppData\Roaming\uTorrent
    C:\Users\SplishSplash\AppData\Roaming\WildTangent
    
    :reg
    [-HKEY_CLASSES_ROOT\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [-HKEY_CLASSES_ROOT\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "H"=-
    [HKM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] /64
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [-HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^PROGRAM FILES^MICROSOFT^Windows^STARTMENU\Programs^Startup^PICTURE MOVER.lnk]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] /64
    "StartCCC"=-
    "HP Software Update"=-
    "HostManager"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "QuickTime Task"=-
    "LifeCam"=-
    "SunJavaUpdateSched"=-
    
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
  • Click the Run Fix button at the top.
  • Then click on the OK button to continue.
  • OTL may ask to reboot the machine. Please allow it to do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Step 4:
Malwarebytes' Anti-Malware - Full Scan

  1. Please launch MBAM (Malwarebytes' Anti-Malware) again.
    Vista - W7 users: Right-click on the Malwarebytes' Anti-Malware desktop icon and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    You must be connected to the Internet to obtain any updates.
  2. Click on the Update tab and then click on the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date:
  3. Click on the Scanner tab.
  4. Select the Perform FULL SCAN option this time and then click on the Scan button.
    Please Note: This scan will take a while, so please be patient.
    When the scan has finished:
  5. Check all items EXCEPT any items (if present) in the C:\System Volume Information folder and then click on Remove Selected.
  6. Let MBAM remove what it can. If there are files to be deleted on reboot, please reboot the machine so MBAM can complete the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Click on the Log tab and locate the most current log file.
  8. Copy and Paste the entire contents of the most recent log (mbam-log-yyyy-mm-dd (hh-mm-ss).txt) into your next reply and exit MBAM.

Step 5:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL log.
  3. mbam-log-yyyy-mm-dd (hh-mm-ss).txt.
  4. How is the computer now running?

Scolabar
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 24th, 2011, 10:34 pm

I have created the restore point and had moved on to your uninstall request. The only thing I see in my list is Java(TM) 6 Updated 25. I don't see anything named Java Auto Updater in the list. I wanted to get your feedback before proceeding. I haven't completed steps 3, 4, or 5 but will when I hear back from you regarding the Java inquiry.

Thank you again!
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 25th, 2011, 1:34 am

Hi queenoftheflock,

Thank you for the update. :)
Please continue with the remainder of the steps and post back the logs.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 26th, 2011, 10:27 pm

Did you have any problems carrying out the instructions? No. I removed the Java(TM) 6 Updated 25 and hopefully that took care of the Java Auto Updater.

OTL log.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Swag Bucks Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://www.swagbucks.com" removed from browser.startup.homepage
Prefs.js: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com <mailto:toolbar@ask.com>:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\searchplugin folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\META-INF folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\lib folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\defaults folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\chrome folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-25-May-2011-23-08-17-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-24-Mar-2011-23-43-41-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-14-Oct-2010-16-42-02-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Oct-2010-13-53-52-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-28-May-2011-20-35-55-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-04-Jun-2011-21-11-49-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-14-Mar-2011-23-06-13-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-24-Dec-2010-01-48-11-GMT folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\askcom.xml moved successfully.
C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\searchplugins\conduit.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmartMenu deleted successfully.
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
C:\Users\SplishSplash\AppData\Local\Google\Update\GoogleUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HLBackupScheduler deleted successfully.
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:0E22C5DB deleted successfully.
ADS C:\ProgramData\Temp:B54E4B5A deleted successfully.
ADS C:\ProgramData\Temp:0BBF232A deleted successfully.
ADS C:\ProgramData\Temp:05F547A9 deleted successfully.
ADS C:\ProgramData\Temp:D8F9D810 deleted successfully.
ADS C:\ProgramData\Temp:A02025CE deleted successfully.
ADS C:\ProgramData\Temp:268BA8AB deleted successfully.
ADS C:\ProgramData\Temp:C22674B6 deleted successfully.
ADS C:\ProgramData\Temp:AFB24B00 deleted successfully.
ADS C:\ProgramData\Temp:A4AF8D0D deleted successfully.
ADS C:\ProgramData\Temp:14362DF8 deleted successfully.
ADS C:\ProgramData\Temp:F84B8DB5 deleted successfully.
ADS C:\ProgramData\Temp:BCDBBA6D deleted successfully.
ADS C:\ProgramData\Temp:98F6F85C deleted successfully.
ADS C:\ProgramData\Temp:B5988350 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\WildTangent\My HP Game Console\en-us folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\WildTangent\My HP Game Console folder moved successfully.
C:\Users\SplishSplash\AppData\Roaming\WildTangent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\H not found.
Registry value Invalid\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^PROGRAM FILES^MICROSOFT^Windows^STARTMENU\Programs^Startup^PICTURE MOVER.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LifeCam deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 35861207 bytes
->Temporary Internet Files folder emptied: 57571373 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105197356 bytes
->Flash cache emptied: 117680 bytes

User: Public

User: SplishSplash
->Temp folder emptied: 163975822 bytes
->Temporary Internet Files folder emptied: 75488430 bytes
->Java cache emptied: 267087 bytes
->FireFox cache emptied: 1057539751 bytes
->Google Chrome cache emptied: 10920269 bytes
->Flash cache emptied: 3026588 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290567360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
RecycleBin emptied: 50086 bytes

Total Files Cleaned = 1,717.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06262011_091140

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\SplishSplash\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\SplishSplash\AppData\Local\Temp\VGXF8FE.tmp not found!

Registry entries deleted on Reboot...


mbam-log-yyyy-mm-dd (hh-mm-ss).txt.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6954

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/26/2011 10:35:22 AM
mbam-log-2011-06-26 (10-35-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 408453
Time elapsed: 51 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


How is the computer now running?

Seems to be running faster than it was. One thing I realized that I hadn't paid so much attention to was before, on Facebook, pictures had started taking a while to load or not loading at all. Today they are loading quickly and fully.
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 27th, 2011, 4:13 pm

Hi queenoftheflock,

Thank you for the feedback. It is good to hear there has been some improvement. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Java Runtime Environment - Install

Please PRINT THESE INSTRUCTIONS you will not have Internet access during some steps!
DOWNLOAD CURRENT VERSION
  1. Get the latest version of Java Runtime Environment (JRE) © Sun Microsystems, Inc.
  2. Look for JDK 6 Update 26 (JDK or JRE).
  3. Click on the Download JRE button to the right.
  4. Select your Platform: Windows and then check "I agree to the (current update version) License Agreement.".
  5. Click on the Continue button and the page will refresh.
  6. Locate the entry for Windows Offline Installation, click on the file name and save the file to your desktop.
    Dial-up users: You may want to check the "Windows Offline Installation" box and opt to use...
    Download Selected with Sun Download Manager. The download can be restarted, in case it is interrupted.

INSTALL CURRENT VERSION
  1. Close all open applications (standard), especially your browser.
  2. From the Desktop double-click on jre-6u26-windows-i586.exe.
    Vista - W7 users: Right-click on jre-6u26-windows-i586.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Follow the installation prompts. When installation is complete Reboot your computer.
  4. Once the computer has been restarted, click your web browser icon to start it.
You can delete the downloaded installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time:
  1. Select Start > Control Panel and then double-click on the JAVA icon.
  2. Click on the Update tab and UNCHECK the "Check for Updates Automatically" option. (You can check for updates manually.)
      Reply Never Check to the warning prompt.
  3. Now click on the Advanced tab and then click on the [+] to expand the Miscellaneous options.
  4. UNCHECK the Java Quick Starter option.
  5. Click on the Apply button and then click on the OK button. Then close the Java Control Panel and close and exit the Control Panel window.

Step 2:
Online Anti-virus Scan

Please try running one of the following Online Scanners using the instructions listed below and post the respective log file in your next reply.

** Make sure you are using an account that has Administrative privileges **

ESET NOD32 Online Scan

Note: Either Internet Explorer or Mozilla FireFox can be used for this scan. However, you will need to disable your currently installed Anti-Virus software. Reference on how to do this can be read here.

Vista - W7 users: Close your browser, right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator".

  1. Please go to ESET Online Scanner - © ESET (All Rights Reserved) to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  2. Check the box next to "Yes, I accept the Terms of Use."
  3. Then click on the Start button.
    A window will open. It may appear nothing is happening, but please be patient.
  4. When prompted allow the Add-On/Active X to install.
  5. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  6. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  7. Click on the Start button.
  8. The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  9. When completed the Online Scan will begin automatically.
  10. Do not touch either the Mouse or Keyboard during the scan otherwise it may stall. It may take a while so, again, please be patient.
  11. When scan is completed, select Uninstall application on close if you so wish. Make sure you copy the logfile first!
  12. Then click on the Finish button.
  13. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
  14. Copy and Paste the entire contents of log.txt into your next reply.

Remember to re-enable your Anti-virus application after running the above scan!

Panda ActiveScan

Vista - W7 users: Close your browser, right-click on the IE icon on the Start Menu or Quick Launch and select "Run as Administrator".

Please go to Panda ActiveScan © Panda Security to perform a free online scan.
You must use Internet Explorer as the scan requires ActiveX.
  1. Click on the Scan your PC now button.
    A new window will open.
  2. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable option.
  3. Click on Free online scan.
  4. You will be prompted to install an ActiveX module. Please allow it.
  5. Once installed, it will start downloading the virus definitions. This takes a while. Please be patient.
  6. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  7. The scan will start. This can take some time. So, again, please be patient.
  8. When the scan has completed, click on View Report.
  9. The report will be displayed in separate browser window. Click on Save Report.
  10. Save the report as ActiveScan.txt to your Desktop.
  11. Please Copy and Paste the entire contents of the ActiveScan.txt file into your next reply.

Remember to re-enable your Anti-virus application after running the above scan!

Step 3:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of both the DDS.txt and Attach.txt logs into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. log.txt or ActiveScan.txt.
  3. DDS.txt.
  4. Attachment(s) Required:
      Attach.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Possible Virus.. Need some help.

Unread postby queenoftheflock » June 28th, 2011, 10:42 pm

Did you have any problems carrying out the instructions?

No problems and this time, I even figured out where the ESET logs are at. I'm learning. :)


log.txt or ActiveScan.txt.

ESET log:

SETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=faaca4570832e34cb3f2414d1f0401a4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-28 02:10:15
# local_time=2011-06-28 10:10:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 87 0 52290012 0 0
# compatibility_mode=5893 16776574 66 85 60758801 60773718 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=251615
# found=0
# cleaned=0
# scan_time=39947

DDS.txt.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by SplishSplash at 22:36:48 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5880.3266 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\CSHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{452AA06E-271D-43C8-AD8B-E8429C5EDAF1} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{57E7FD4F-E2B0-4F61-80AE-950362F4ED9B}\37869627C65697 : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbecdf0 ... g=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\SplishSplash\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\SplishSplash\AppData\Roaming\Mozilla\Firefox\Profiles\hpr75p9v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-7-31 266240]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-8 366640]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-9 1025352]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-28 02:55:31 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-26 13:11:40 -------- d-----w- C:\_OTL
2011-06-17 04:58:02 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-17 04:56:56 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-17 04:56:56 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-09 02:03:23 -------- d-----w- C:\Users\SplishSplash\AppData\Roaming\Malwarebytes
2011-06-09 02:03:16 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-09 02:03:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-09 02:03:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-09 02:03:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-06-28 02:43:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-15 01:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 01:32:03 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2011-04-05 04:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 22:37:14.73 ===============


Attachment(s) Required:
Attach.txt.
(attached per your request)
You do not have the required permissions to view the files attached to this post.
queenoftheflock
Active Member
 
Posts: 10
Joined: June 9th, 2011, 9:59 pm

Re: Possible Virus.. Need some help.

Unread postby Scolabar » June 29th, 2011, 4:53 am

Hi queenoftheflock,

Thank you for the logs. :thumbright:

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
Revo Uninstaller

Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.

  1. Please download Revo Uninstaller Pro and Save it to your Desktop.
    Note: This version is a fully functional, 30 day free trial.
  2. Double-click on RevoUninProSetup.exe to install the program. Accept the default installation options.
    Vista - W7 users: Right-click on RevoUninProSetup.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Double-click Revo Uninstaller from the Start Menu programs list, to run it.
  4. From the list of programs click on (one at a time if more than one program is listed):
      Ask Toolbar
      Java Auto Updater
  5. Select Uninstall. When prompted click on the Yes button.
  6. Make sure the Moderate option is checked and then click on the Next button.
  7. The program will now run.
  8. When prompted, click on the Yes button and then the Next button to continue.
  9. Once the program has searched for leftovers, click on the Next button.
  10. Check ONLY the bolded items in the list.
  11. Click on the Next button and then the Yes button to complete the removal of the program.
  12. When done click the Finish button.
    The problem program(s) should now be removed. Please repeat the instructions for each of the programs listed above.

Step 3:
OTL - Script

  • Double-click OTL.exe to launch the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  • Copy and Paste the following code into the Custom Fixes textbox. Do not include the word Code.
    Code: Select all
    :processes
    killallprocesses
    
    :reg
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] /64
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] /64
    "SunJavaUpdateSched"=-
    
    :commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
  • Click the Run Fix button at the top.
  • Then click on the OK button to continue.
  • OTL may ask to reboot the machine. Please allow it to do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL log.
  3. How is the computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware