Suspicion of Malware

Post by Mauxe » July 28th, 2012, 3:49 pm

I have one computer in the house that is shared by 5 people.
The other day I came home to find that the home page to Chrome had been changed to Searchqu. I did a look through my programs and saw that iLivid had also been installed. I uninstalled that program but I am concerned that I have additional malware on my computer now and I am not sure how to check/clean it up.
I have also found that games which require a launcher do not run anymore. This only happened in the past few days and I am afraid they are related.

Thank you for any help.

DDS: (This file would not download for me. I used the third option in the sticky to download DDS.com).

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Cassidy at 15:32:42 on 2012-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1432 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 7808946421
TCP: Interfaces\{DF9AAAED-6CB1-4E93-B985-B14237BE0F3D} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cassidy\application data\mozilla\firefox\profiles\hb52vbnf.default\
FF - prefs.js: browser.search.selectedEngine - FLV Runner Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: c:\documents and settings\cassidy\application data\mozilla\firefox\profiles\hb52vbnf.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\cassidy\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\cassidy\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: d:\programs\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-1-1 111632]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-10 242240]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-1-1 688360]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-17 100368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-16 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-6-20 19056]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-14 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-14 136176]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
.
=============== Created Last 30 ================
.
2012-07-28 02:47:50 -------- d-----w- c:\documents and settings\cassidy\application data\.techniclauncher
2012-07-28 02:43:19 -------- d-----w- c:\program files\Oracle
2012-07-28 02:43:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-28 02:03:19 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-22 17:23:02 -------- d-----w- c:\documents and settings\cassidy\application data\searchquband
2012-07-22 17:23:02 -------- d-----w- c:\documents and settings\cassidy\AppData
2012-07-19 16:42:23 -------- d-----w- c:\documents and settings\cassidy\local settings\application data\Ilivid Player
2012-07-19 16:28:57 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2012-07-16 02:33:34 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2012-07-26 22:18:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 22:18:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 16:53:41 148664 ----a-w- c:\windows\system32\WRusr.dll
2012-07-09 16:53:41 111632 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-30 22:06:04 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-30 22:05:41 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-30 22:05:41 281288 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-26 15:54:41 281288 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-19 21:53:35 138904 ----a-w- c:\documents and settings\cassidy\application data\PnkBstrK.sys
2012-05-19 21:53:18 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 15:33:26.73 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2011 11:09:43 AM
System Uptime: 7/28/2012 8:28:30 AM (7 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Socket 775 | 2970/330mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 12.215 GiB free.
D: is FIXED (NTFS) - 388 GiB total, 41.235 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM (CDFS)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP332: 5/3/2012 8:25:16 AM - System Checkpoint
RP333: 5/4/2012 8:37:43 AM - System Checkpoint
RP334: 5/5/2012 11:57:35 AM - System Checkpoint
RP335: 5/6/2012 1:14:14 PM - System Checkpoint
RP336: 5/7/2012 1:17:12 PM - System Checkpoint
RP337: 5/8/2012 2:10:23 PM - System Checkpoint
RP338: 5/8/2012 6:56:39 PM - Installed DirectX
RP339: 5/9/2012 8:07:06 PM - System Checkpoint
RP340: 5/11/2012 8:35:28 AM - System Checkpoint
RP341: 5/12/2012 2:24:09 AM - Software Distribution Service 3.0
RP342: 5/13/2012 2:49:31 AM - System Checkpoint
RP343: 5/14/2012 8:06:05 AM - System Checkpoint
RP344: 5/15/2012 8:37:04 AM - System Checkpoint
RP345: 5/16/2012 9:14:21 AM - System Checkpoint
RP346: 5/16/2012 9:57:59 PM - Software Distribution Service 3.0
RP347: 5/18/2012 4:05:17 AM - System Checkpoint
RP348: 5/19/2012 9:53:26 AM - System Checkpoint
RP349: 5/19/2012 5:52:59 PM - Installed DirectX
RP350: 5/21/2012 8:33:38 AM - System Checkpoint
RP351: 5/22/2012 5:43:23 PM - System Checkpoint
RP352: 5/22/2012 5:47:12 PM - Software Distribution Service 3.0
RP353: 5/22/2012 10:04:01 PM - Software Distribution Service 3.0
RP354: 5/23/2012 12:06:50 AM - Software Distribution Service 3.0
RP355: 5/24/2012 8:35:26 AM - System Checkpoint
RP356: 5/26/2012 5:58:45 PM - System Checkpoint
RP357: 5/27/2012 8:57:57 PM - System Checkpoint
RP358: 5/29/2012 7:46:35 PM - System Checkpoint
RP359: 5/30/2012 9:35:18 PM - System Checkpoint
RP360: 5/31/2012 9:53:18 PM - System Checkpoint
RP361: 6/2/2012 9:01:33 AM - System Checkpoint
RP362: 6/2/2012 6:58:20 PM - Software Distribution Service 3.0
RP363: 6/3/2012 12:15:43 PM - Software Distribution Service 3.0
RP364: 6/4/2012 12:44:31 PM - System Checkpoint
RP365: 6/5/2012 12:11:46 AM - Software Distribution Service 3.0
RP366: 6/6/2012 9:43:28 AM - System Checkpoint
RP367: 6/7/2012 10:06:59 AM - System Checkpoint
RP368: 6/8/2012 10:22:17 AM - System Checkpoint
RP369: 6/10/2012 11:28:15 AM - System Checkpoint
RP370: 6/11/2012 3:32:51 PM - System Checkpoint
RP371: 6/13/2012 7:59:26 AM - System Checkpoint
RP372: 6/13/2012 5:13:18 PM - Installed Star Wars Battlefront II
RP373: 6/13/2012 5:22:28 PM - Installed Star Wars Battlefront II
RP374: 6/13/2012 9:45:24 PM - Software Distribution Service 3.0
RP375: 6/15/2012 10:25:41 AM - System Checkpoint
RP376: 6/16/2012 2:16:56 PM - System Checkpoint
RP377: 6/16/2012 9:07:04 PM - Removed Fallout 3
RP378: 6/17/2012 10:32:47 PM - System Checkpoint
RP379: 6/18/2012 10:48:27 PM - System Checkpoint
RP380: 6/19/2012 11:16:03 PM - System Checkpoint
RP381: 6/21/2012 12:07:30 AM - System Checkpoint
RP382: 6/22/2012 10:22:24 AM - System Checkpoint
RP383: 6/23/2012 9:15:57 PM - System Checkpoint
RP384: 6/25/2012 9:25:28 AM - System Checkpoint
RP385: 6/26/2012 1:18:18 PM - System Checkpoint
RP386: 6/27/2012 1:38:48 PM - System Checkpoint
RP387: 6/28/2012 1:50:17 PM - System Checkpoint
RP388: 6/29/2012 11:32:55 PM - System Checkpoint
RP389: 7/9/2012 1:11:58 PM - System Checkpoint
RP390: 7/10/2012 7:01:24 PM - System Checkpoint
RP391: 7/11/2012 7:42:36 PM - System Checkpoint
RP392: 7/11/2012 11:37:17 PM - Installed DirectX
RP393: 7/12/2012 12:26:31 AM - Software Distribution Service 3.0
RP394: 7/13/2012 1:40:44 PM - System Checkpoint
RP395: 7/14/2012 3:02:04 PM - System Checkpoint
RP396: 7/15/2012 3:44:35 PM - System Checkpoint
RP397: 7/16/2012 8:02:01 PM - System Checkpoint
RP398: 7/17/2012 11:52:19 PM - System Checkpoint
RP399: 7/19/2012 10:59:01 PM - System Checkpoint
RP400: 7/20/2012 11:01:06 PM - System Checkpoint
RP401: 7/21/2012 11:50:34 PM - System Checkpoint
RP402: 7/23/2012 10:31:22 AM - System Checkpoint
RP403: 7/24/2012 5:52:16 PM - System Checkpoint
RP404: 7/25/2012 7:53:38 PM - System Checkpoint
RP405: 7/26/2012 8:59:38 PM - System Checkpoint
RP406: 7/26/2012 9:32:32 PM - Installed TheSims3EP4
RP407: 7/26/2012 10:30:43 PM - Installed The Sims 3
RP408: 7/27/2012 10:02:39 PM - Removed Java(TM) 7 Update 1
RP409: 7/27/2012 10:03:03 PM - Installed Java(TM) 7 Update 5
RP410: 7/27/2012 10:03:24 PM - Installed JavaFX 2.1.1
RP411: 7/27/2012 10:07:59 PM - Removed JavaFX 2.1.1
RP412: 7/27/2012 10:08:19 PM - Removed Java(TM) 7 Update 5
RP413: 7/27/2012 10:08:40 PM - Removed Java(TM) 6 Update 17
RP414: 7/27/2012 10:18:46 PM - Installed Java(TM) 7 Update 5
RP415: 7/27/2012 10:19:11 PM - Installed JavaFX 2.1.1
RP416: 7/27/2012 10:40:59 PM - Removed Java(TM) 7 Update 5
RP417: 7/27/2012 10:41:30 PM - Removed JavaFX 2.1.1
RP418: 7/27/2012 10:42:58 PM - Installed Java(TM) 7 Update 5
RP419: 7/27/2012 10:43:17 PM - Installed JavaFX 2.1.1
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
4500_Help
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
Audacity 1.2.6
Audible Download Manager
Battlefield Bad Company 2
BlackBerry Desktop Software 6.1
Bonjour
BOSS
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BrettspielWelt
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CleanUp!
ConvertXtoDVD 4.1.10.348
Curse Client
DAEMON Tools Lite
Defense Grid: The Awakening
Demigod
Elemental: Fallen Enchantress
EQ2MAP Updater 1.2.10
EverQuest II
Fax
Frozen Synapse
GIMP 2.6.11
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Officejet J4500 Series
Impulse®
iTunes
J4500
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Kingdoms of Amalur: Reckoning
LastPass (uninstall only)
Legends of Norrath
LogMeIn Hamachi
MagicDisc 2.7.105
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Install Application
NVIDIA PhysX
Oblivion
Oblivion mod manager 1.1.12
OpenAL
Origin
PeerBlock 1.1 (r518)
Picasa 3
Portal
ProductContext
PunkBuster Services
Python 2.7 comtypes-0.6.2
Python 2.7 pywin32-216
Python 2.7.2
QuickTime
Rapture3D 2.4.8 Game
RarZilla Free Unrar
Realtek High Definition Audio Driver
Sanctum
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Warlords
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype Click to Call
Skype™ 5.5
SpaceChem
Spotify
Star Wars Jedi Knight: Jedi Academy
Star Wars: The Old Republic
swMSM
Sword of the Stars Complete Collection
System Requirements Lab
Terraria
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Pets
The Sims™ 3 Town Life Stuff
Toolbox
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VideoPad Video Editor
VSO CopyTo 5
WebFldrs XP
WebReg
Webroot SecureAnywhere
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wrye Bash
wxPython 2.8.12.1 (ansi) for Python 2.7
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 2:20:00 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/28/2012 12:22:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/22/2012 3:10:02 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OWEN-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{59F3CDDB-76D9-4A17-B. The master browser is stopping or an election is being forced.
7/22/2012 11:29:07 AM, error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 10:29:48 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CLIENT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{59F3CDDB-76D9-4A17. The master browser is stopping or an election is being forced.
7/22/2012 1:50:49 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KEN-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{59F3CDDB-76D9-4A17-B6. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm

Re: Suspicion of Malware

Unread postby pgmigg » July 31st, 2012, 4:22 pm

Hello Mauxe,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicion of Malware

Unread postby pgmigg » July 31st, 2012, 6:16 pm

Hello Mauxe,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Remove P2P Program(s)
  1. Click on Start -> Control Panel and double click on Add/Remove Programs.
  2. Locate the following program(s):
    µTorrent
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Add/Remove Programs. Close Control Panel.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Then,

WARNING: There are Serious Issues with PunkBuster

I noticed you have PunkBuster installed... read the "Published features" section.

Your computer has installed gaming tools.
Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware. PunkBuster can take control over various aspects of your computer, and some gaming tools not unlike PunkBuster also hinder their own removal. They are sometimes designed to prevent orderly removal or modification, and they have only very limited respect for retaining the overall security and integrity of your machine.

These programs are changed/updated often, and it is not possible to predict what effects they actually have on the Operating System.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.

If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance that the Punkbuster games or your PC system will be trouble-free afterwards.

By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
  1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
  2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that we do consider it spyware.
  3. We cannot clean this computer at all. This ensures PunkBuster will continue to function.
If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

You should read this entire thread, as just one example of what is going on, then let me know what you want to do.

Uninstall PunkBuster
  1. Click on Start -> Control Panel and double click on Add/Remove Programs.
  2. Locate the following program(s):
    Battlefield Bad Company 2
    PunkBuster Services
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Add/Remove Programs. Close Control Panel.

If there are any remnants left... you can use the Punk Buster Uninstall process:
Please download PBSVC Setup Program. Save it to your desktop.
  1. Double click on pbsvc.exe to start it... then click Uninstall.
    Once that's finished...
  2. Click Start > Run and copy and paste the following into the open text box:
    Code:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  3. Click OK. A black box will flash very briefly, this is normal.
  4. Double click My Computer on your desktop and browse to C:\windows\system32\drivers
  5. Locate the file: PnkBstrK.sys... if found delete it.

Let me know if you performed these steps successfully.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Your decision about P2P program.
  3. Your decision about Punk Buster and related stuff.
  4. Status of removing steps you made if you decided to clean this machine with me.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
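A verification script added here as an editorial example (it is not from the thread, pgmigg, or PunkBuster): it reports whether the PnkBstrA/PnkBstrB/PnkBstrK services targeted by the `sc delete` loop above and the PnkBstrK.sys driver file are still registered, without removing anything. It assumes Windows PowerShell 2.0 or later running in an Administrator session.

```powershell
# Added example, not part of the forum thread: read-only check for PunkBuster
# remnants after the uninstall steps. Assumes Windows PowerShell 2.0+ and an
# elevated (Administrator) session; nothing is deleted or modified.

function Get-PunkBusterRemnants {
    # The three names come from the thread's loop: for %i in (A B K) do sc delete PnkBstr%i
    $serviceNames = 'PnkBstrA', 'PnkBstrB', 'PnkBstrK'
    # Driver file the thread asks the user to look for under system32\drivers
    $driverPath   = Join-Path $env:SystemRoot 'system32\drivers\PnkBstrK.sys'

    $remnants = @()

    foreach ($name in $serviceNames) {
        # PnkBstrA/B are user-mode services (Win32_Service); PnkBstrK is a kernel
        # driver, which only shows up under Win32_SystemDriver.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            $svc = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
        }
        if ($svc) {
            $remnants += New-Object PSObject -Property @{
                Kind  = 'ServiceEntry'
                Name  = $svc.Name
                State = $svc.State
                Path  = $svc.PathName
            }
        }
    }

    # A service entry may be gone while the driver file is still on disk (or vice
    # versa), so the file is checked independently of the service list.
    if (Test-Path -LiteralPath $driverPath) {
        $file = Get-Item -LiteralPath $driverPath
        $remnants += New-Object PSObject -Property @{
            Kind  = 'DriverFile'
            Name  = $file.Name
            State = "Modified $($file.LastWriteTime)"
            Path  = $file.FullName
        }
    }

    return $remnants
}

$found = @(Get-PunkBusterRemnants)
if ($found.Count -eq 0) {
    Write-Output 'No PunkBuster service entries or driver file found.'
} else {
    Write-Output 'PunkBuster remnants still present on this system:'
    $found | Format-Table Kind, Name, State, Path -AutoSize
}
```

If a service entry is listed with an empty or missing Path, the registration survived while its binary did not, which is the "File not found" condition OTL reports for orphaned services.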

Re: Suspicion of Malware

Unread postby Mauxe » August 1st, 2012, 5:36 pm

I appreciate the help :)

A) No problems with execution that I can tell. Removing Punkbuster caused my computer to freeze and I had to reboot. When I came back up PB was out of my Add/Remove list. To be sure I downloaded the file you linked to but when I ran the setup program the option to uninstall was gray.

B) I uninstalled uTorrent

C) I uninstalled BF2 and PB

D) I believe that I am caught up on all of the steps.

Thanks again.
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm

Re: Suspicion of Malware

Unread postby pgmigg » August 2nd, 2012, 1:07 am

Hello Mauxe,

Very good! :)
Let's start our treatment...

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click on CKScanner.exe to run it, then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by CKFiles.txt
  3. Contents of TDSSKiller report file.
  4. Contents of an OTL.txt log file after OTL Scan run
  5. Contents of an Extras.txt log file after OTL Scan run
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicion of Malware

Unread postby Mauxe » August 3rd, 2012, 8:34 pm

A. The only problem I had was in downloading the OTL.exe file. I had to go to the oldtimer forum and choose a mirror site to get it.

B. CKFiles.txt:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\cassidy\my documents\electronic arts\the sims 3\saves\fat weird butt crack.sims3
c:\documents and settings\cassidy\my documents\electronic arts\the sims 3\saves\fat weird butt crack.sims3.backup
c:\documents and settings\cassidy\my documents\my music\itunes\mobile applications\crackcode.ipa
c:\documents and settings\cassidy\my documents\my pictures\nutcracker pontecorvo ballet 2011\.picasa.ini
c:\documents and settings\cassidy\my documents\my pictures\nutcracker pontecorvo ballet 2011\thumbs.db
scanner sequence 3.BC.11.MJABVF
----- EOF -----

C. TDSSKiller - nothing found during this scan

D. OTL.txt:

OTL logfile created on: 8/3/2012 8:05:28 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Cassidy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.73% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 17.08 Gb Free Space | 21.86% Space Free | Partition Type: NTFS
Drive D: | 387.62 Gb Total Space | 45.77 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
Drive E: | 629.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CASSIDY-9AB730E | User Name: Cassidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 20:01:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
PRC - [2012/07/11 23:15:16 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/09 12:53:41 | 000,688,360 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 13:18:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 12:45:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 12:53:41 | 000,688,360 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/09 12:53:41 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2012/03/09 02:22:00 | 007,586,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/02/10 22:09:12 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/20 03:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3201318.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "FLV Runner Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 12:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/27 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Extensions
[2012/07/27 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\extensions
[2011/06/11 16:24:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/27 21:42:55 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
[2012/06/20 20:07:36 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\extensions\support@lastpass.com
[2012/07/27 21:43:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml
[2012/07/19 12:28:57 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\Search_Results.xml
[2012/07/27 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/13 22:02:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 12:45:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/19 12:45:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/19 12:28:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/19 12:45:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programs\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: LastPass = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.11_0\
CHR - Extension: Illyriad = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnfbcdoedgikkjokbgejbgkgijnoaanb\1.3_0\
CHR - Extension: MLB.com Scoreboard = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld\0.1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail Checker = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

O1 HOSTS File: ([2011/12/30 22:05:35 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7808946421 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF9AAAED-6CB1-4E93-B985-B14237BE0F3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (o) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/11 11:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/20 13:49:25 | 000,069,632 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/06/27 15:16:04 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-725345543-1563985344-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 20:01:48 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
[2012/08/03 19:16:30 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassidy\Desktop\tdsskiller.exe
[2012/08/01 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenXML-ODF Translator
[2012/08/01 20:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Start Menu\Programs\ODF Add-in for Microsoft Office
[2012/08/01 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/07/31 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\GameStop App
[2012/07/31 22:20:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}
[2012/07/28 15:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cassidy\Start Menu\Programs\Administrative Tools
[2012/07/27 22:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\.techniclauncher
[2012/07/27 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/27 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/27 22:43:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/27 22:43:12 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/27 22:43:08 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 22:43:08 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/27 22:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\Oracle
[2012/07/27 22:03:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/27 22:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/26 21:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/07/22 13:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\searchquband
[2012/07/22 13:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\AppData
[2012/07/19 12:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Local Settings\Application Data\Ilivid Player
[2012/07/19 12:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/07/15 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/07/15 22:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2012/01/23 16:36:11 | 000,196,608 | ---- | C] (ICSharpCode.net) -- C:\Documents and Settings\Cassidy\ICSharpCode.SharpZipLib.dll
[2011/12/21 23:10:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 20:02:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1563985344-839522115-1003UA.job
[2012/08/03 20:01:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
[2012/08/03 19:20:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 19:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/03 19:16:35 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassidy\Desktop\tdsskiller.exe
[2012/08/03 19:09:59 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\CKScanner.exe
[2012/08/03 15:04:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Google Chrome.lnk
[2012/08/03 15:04:29 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/03 13:18:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/03 13:18:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/03 09:47:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/03 09:47:29 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 09:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/02 09:02:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1563985344-839522115-1003Core.job
[2012/08/01 23:26:49 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/01 17:58:02 | 000,104,476 | ---- | M] () -- C:\Documents and Settings\Cassidy\My Documents\mens tennis scores 8'1'12.JPG
[2012/07/31 22:20:54 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameStop App.lnk
[2012/07/29 09:57:00 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to technic-launcher.lnk
[2012/07/29 00:05:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/07/28 10:15:13 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to .techniclauncher.lnk
[2012/07/28 10:14:59 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Shortcut to .techniclauncher.lnk
[2012/07/27 22:43:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 22:43:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/27 22:23:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cassidy\My Documents\My Computer.lnk
[2012/07/26 21:37:13 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Generations.lnk
[2012/07/24 21:59:45 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Minecraft Mods2.lnk
[2012/07/24 21:59:25 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to .minecraft.lnk
[2012/07/22 19:05:26 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to Minecraft.lnk
[2012/07/17 01:51:07 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Cassidy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/15 22:56:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut (2) to Minecraft_Server.lnk
[2012/07/12 00:29:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 12:53:41 | 000,148,664 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2012/07/09 12:53:41 | 000,111,632 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys
[2012/07/05 22:07:08 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/03 19:10:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\CKScanner.exe
[2012/08/01 17:58:01 | 000,104,476 | ---- | C] () -- C:\Documents and Settings\Cassidy\My Documents\mens tennis scores 8'1'12.JPG
[2012/07/31 22:20:54 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameStop App.lnk
[2012/07/29 09:57:00 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to technic-launcher.lnk
[2012/07/28 10:15:13 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to .techniclauncher.lnk
[2012/07/28 10:14:59 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Shortcut to .techniclauncher.lnk
[2012/07/27 22:23:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cassidy\My Documents\My Computer.lnk
[2012/07/26 21:37:13 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Generations.lnk
[2012/07/24 21:59:45 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Minecraft Mods2.lnk
[2012/07/24 21:59:25 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to .minecraft.lnk
[2012/07/20 15:19:30 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to Minecraft.lnk
[2012/07/15 22:56:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut (2) to Minecraft_Server.lnk
[2012/05/14 23:19:37 | 000,184,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/18 00:51:44 | 000,103,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1563985344-839522115-1003-0.dat
[2012/04/18 00:51:43 | 000,103,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/17 22:43:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 21:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/04/17 21:19:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/04/17 21:19:58 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/04/17 21:19:58 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/04/09 23:26:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 14:11:50 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/08 14:10:26 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/08 14:10:16 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/08 14:10:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/30 19:18:46 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Cassidy\GoToAssistDownloadHelper.exe
[2011/12/21 23:10:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\inst.exe
[2011/12/21 23:10:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.cat
[2011/12/21 23:10:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.inf
[2011/11/06 21:22:27 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll
[2011/11/06 21:22:27 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll
[2011/11/06 21:22:27 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\pythoncomloader27.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/08/28 00:30:53 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Cassidy\.recently-used.xbel
[2011/07/23 11:10:15 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\vso_ts_preview.xml
[2011/06/22 22:27:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/20 21:54:06 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011/06/20 21:52:34 | 000,176,495 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011/06/20 21:52:24 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011/06/19 01:23:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/06/13 14:48:43 | 000,017,460 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/12 08:53:19 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\PnkBstrK.sys
[2011/06/12 08:52:57 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011/06/11 16:23:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/11 11:20:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Cassidy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 11:17:19 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/06/11 11:09:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 11:06:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/11 06:58:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/11 06:57:24 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== LOP Check ==========

[2012/04/21 00:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/07/20 08:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/02/10 22:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/04/20 07:39:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2012/02/25 00:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/02/26 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2012/02/25 00:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/05/08 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameStop
[2011/06/11 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
[2011/06/17 00:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2012/02/25 00:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/06/18 00:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paradox
[2011/08/30 22:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/01/21 00:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/12/21 23:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vso
[2011/07/23 11:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012/08/03 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WRData
[2011/06/11 16:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/20 23:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65A07368-8188-47C9-A998-7B7AB947F035}
[2012/07/31 22:20:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}
[2012/08/01 11:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\.minecraft
[2012/08/02 14:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\.techniclauncher
[2012/06/22 22:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\BSW
[2012/02/10 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\DAEMON Tools Lite
[2011/08/28 00:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\gtk-2.0
[2011/09/26 19:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\My Games
[2011/11/07 01:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\ooVoo Details
[2012/07/27 22:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Oracle
[2012/02/24 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Origin
[2012/01/08 17:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Philipp Winterberg
[2011/08/30 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Research In Motion
[2012/02/27 16:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\RotMG.Production
[2011/06/12 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\runic games
[2012/07/22 13:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\searchquband
[2012/04/28 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Sony Online Entertainment
[2012/05/18 22:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Spotify
[2011/06/11 22:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Stardock
[2011/08/02 00:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\SystemRequirementsLab
[2011/09/16 16:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Unity
[2011/12/21 23:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\Vso
[2012/04/06 09:34:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



< End of report >

E. Extras.txt:

OTL Extras logfile created on: 8/3/2012 8:05:28 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Cassidy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.73% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 17.08 Gb Free Space | 21.86% Space Free | Partition Type: NTFS
Drive D: | 387.62 Gb Total Space | 45.77 Gb Free Space | 11.81% Space Free | Partition Type: NTFS
Drive E: | 629.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CASSIDY-9AB730E | User Name: Cassidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe" = D:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare, A Division of Electronic Arts)
"D:\Games\Star Wars-The Old Republic\launcher.exe" = D:\Games\Star Wars-The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Games\Steam\SteamApps\common\gish\gish.exe" = D:\Games\Steam\SteamApps\common\gish\gish.exe:*:Enabled:Gish
"D:\Games\Steam\SteamApps\common\torchlight\Torchlight.exe" = D:\Games\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"D:\Games\Steam\SteamApps\common\aquaria\Aquaria.exe" = D:\Games\Steam\SteamApps\common\aquaria\Aquaria.exe:*:Enabled:Aquaria
"D:\Games\Steam\SteamApps\common\penumbra overture\redist\Penumbra.exe" = D:\Games\Steam\SteamApps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra: Overture
"D:\Games\Steam\SteamApps\common\lugaru hd\Lugaru.exe" = D:\Games\Steam\SteamApps\common\lugaru hd\Lugaru.exe:*:Enabled:Lugaru HD -- ()
"D:\Games\Steam\SteamApps\common\world of goo\WorldOfGoo.exe" = D:\Games\Steam\SteamApps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo
"D:\Games\Steam\SteamApps\common\osmos\osmos.exe" = D:\Games\Steam\SteamApps\common\osmos\osmos.exe:*:Enabled:Osmos
"D:\Games\Steam\SteamApps\common\machinarium\machinarium.exe" = D:\Games\Steam\SteamApps\common\machinarium\machinarium.exe:*:Enabled:Machinarium -- (Adobe Systems, Inc.)
"D:\Games\Demigod\bin\Demigod.exe" = D:\Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"D:\Games\Steam\SteamApps\common\revenge of the titans\RevengeOfTheTitans.exe" = D:\Games\Steam\SteamApps\common\revenge of the titans\RevengeOfTheTitans.exe:*:Enabled:Revenge of the Titans
"D:\Games\World of Warcraft\Launcher.exe" = D:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\Games\World of Warcraft\Launcher.patch.exe" = D:\Games\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"D:\Games\World of Warcraft\BackgroundDownloader.exe" = D:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe -- (Blizzard Entertainment)
"D:\Games\Sins\Sins of a Solar Empire.exe" = D:\Games\Sins\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"D:\Games\Sins\Sins of a Solar Empire Entrenchment.exe" = D:\Games\Sins\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
"D:\Games\Sins\Sins of a Solar Empire Diplomacy.exe" = D:\Games\Sins\Sins of a Solar Empire Diplomacy.exe:*:Enabled:Sins of a Solar Empire - Diplomacy -- (Ironclad Games)
"D:\Programs\uTorrent\uTorrent.exe" = D:\Programs\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"D:\Programs\Vent\Ventrilo.exe" = D:\Programs\Vent\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Games\RoI\RoIClientR.exe" = D:\Games\RoI\RoIClientR.exe:*:Enabled:Rise of Immortals -- (Petroglyph Games, Inc.)
"C:\Documents and Settings\Cassidy\Local Settings\Apps\2.0\VJ53CVC2.BT8\H1V5N2NJ.CQ2\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe" = C:\Documents and Settings\Cassidy\Local Settings\Apps\2.0\VJ53CVC2.BT8\H1V5N2NJ.CQ2\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe:*:Enabled:Curse Client 4.0


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{036138A4-CE69-54B3-EC3A-22EC160303E0}" = CCC Help Czech
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0A68C819-3333-E57F-5881-D3FE31C1F2D5}" = CCC Help Turkish
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{23481C75-AA13-858C-C707-51D7744F2309}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{3179E96B-2CCF-A00A-5738-4C14DBA0DACA}" = CCC Help Chinese Traditional
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BDCECE1-F7F8-81E3-EE26-AF8FD5172A56}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{41B4F085-82E5-C9C2-9AB3-65D67EF60883}" = CCC Help Italian
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5157A26D-28AF-4E96-99EE-25D510437653}_is1" = SpaceChem
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{59A86970-E9AB-0D1D-A269-2381A89F0CF2}" = Catalyst Control Center InstallProxy
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DCB68D8-686F-0550-6DD3-957A366F8F99}" = CCC Help Norwegian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{653B7F6E-F594-4B55-61BA-78F8FE6E500A}" = CCC Help Finnish
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66BA3D87-812D-C11B-D7EA-A62DD125099E}" = ATI AVIVO Codecs
"{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}" = Catalyst Control Center
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73750E8F-0277-4EF7-AD90-7723B5C0A8B8}" = Elemental: Fallen Enchantress
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76B0FAA5-C23B-58E8-EB51-1195A4D6BEB7}" = Catalyst Control Center Localization All
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{821CF756-EDC0-5A8C-6ECA-3F4682DEAFD1}" = CCC Help French
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB7E2C1-13A7-F9A0-277F-8CFB5B198E7E}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{950A97A5-F8AF-26C7-8F8B-47F7C1F03363}" = CCC Help Portuguese
"{96A092BE-173D-6824-14FD-1C8C0477C1D1}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1" = VSO CopyTo 5
"{9BA4C082-183A-4869-06DB-4F563355D33F}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A997829F-090A-06FC-ADDA-B907E0D2562E}" = AMD Catalyst Install Manager
"{AB4FE709-7AC5-A7FF-A947-A110CEFCB074}" = CCC Help Hungarian
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B802B2D2-C777-1876-8204-C0F360CBF955}" = CCC Help Dutch
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6BD88D1-A8D3-B46F-781E-80A6A6927E09}" = CCC Help Chinese Standard
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D3CD290C-C254-F440-962D-F9D0E60DD3F4}" = CCC Help Danish
"{DA3DB4D7-429D-4292-F855-C47C6EA1AFF8}" = CCC Help Thai
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DE464235-13EC-F0E2-2608-9A8103F52DF8}" = CCC Help Japanese
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E8D9FAA2-D3DB-7FA3-3FFE-0AC935251F99}" = CCC Help Swedish
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F748B53A-A58F-17B4-F380-08EF92B6A6F4}" = CCC Help Korean
"{FA584B62-7ECF-A981-0D1E-A8BE67C604DB}" = Catalyst Control Center Graphics Previews Common
"{FBFC6AFA-082C-CBEC-3D28-1EE9CA16D029}" = ccc-utility
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9B0E3E-9D2E-2560-EEA2-BB35A369C491}" = CCC Help Russian
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BOSS" = BOSS
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Demigod" = Demigod
"Elemental: Fallen Enchantress" = Elemental: Fallen Enchantress
"EQ2MAP Updater" = EQ2MAP Updater 1.2.10
"GameStop App" = GameStop App
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"pywin32-py2.7" = Python 2.7 pywin32-216
"RarZilla Free Unrar" = RarZilla Free Unrar
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Steam App 105430" = Age of Empires Online
"Steam App 105600" = Terraria
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 200210" = Realm of the Mad God
"Steam App 400" = Portal
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 91600" = Sanctum
"Steam App 98200" = Frozen Synapse
"Sword of the Stars" = Sword of the Stars Complete Collection
"VideoPad" = VideoPad Video Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WRUNINST" = Webroot SecureAnywhere
"Wrye Bash" = Wrye Bash
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-ansi-py27_is1" = wxPython 2.8.12.1 (ansi) for Python 2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"SOE-EverQuest II" = EverQuest II
"SOE-LegendsOfNorrath" = Legends of Norrath
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2012 9:28:09 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 7/26/2012 9:28:23 PM | Computer Name = CASSIDY-9AB730E | Source = Application Hang | ID = 1002
Description = Hanging application DTLite.exe, version 4.45.2.287, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 9:43:58 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application ts3w.exe, version 0.2.0.148, faulting module
ts3w.exe, version 0.2.0.148, fault address 0x0017f196.

Error - 7/26/2012 10:00:42 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05770fef.

Error - 7/27/2012 10:45:48 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/28/2012 1:53:14 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.32.124, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/30/2012 12:07:46 PM | Computer Name = CASSIDY-9AB730E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2012 6:36:18 PM | Computer Name = CASSIDY-9AB730E | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.32.124, faulting module
skype.exe, version 5.5.32.124, fault address 0x00663fc3.

Error - 8/1/2012 11:32:03 AM | Computer Name = CASSIDY-9AB730E | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/2/2012 10:10:52 AM | Computer Name = CASSIDY-9AB730E | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/2/2012 9:12:43 AM | Computer Name = CASSIDY-9AB730E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 8/2/2012 9:12:51 AM | Computer Name = CASSIDY-9AB730E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 8/2/2012 9:12:58 AM | Computer Name = CASSIDY-9AB730E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 8/2/2012 9:13:05 AM | Computer Name = CASSIDY-9AB730E | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 8/2/2012 9:20:00 AM | Computer Name = CASSIDY-9AB730E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 8/2/2012 2:20:00 PM | Computer Name = CASSIDY-9AB730E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 8/2/2012 7:20:00 PM | Computer Name = CASSIDY-9AB730E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 8/3/2012 9:48:05 AM | Computer Name = CASSIDY-9AB730E | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/3/2012 10:20:00 AM | Computer Name = CASSIDY-9AB730E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 8/3/2012 3:20:00 PM | Computer Name = CASSIDY-9AB730E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >

F. Nothing different at the moment - although my wife was on the computer earlier and said that when she opened Firefox the Searchnu page opened again by default. I asked her to use our laptop for now until I give her the all clear.
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm

Re: Suspicion of Malware

Unread postby pgmigg » August 4th, 2012, 11:48 am

Hello Mauxe,

Very good! I appreciate your understanding! ;)
F. Nothing different at the moment - although my wife was on the computer earlier and said that when she opened Firefox the Searchnu page opened again by default. I asked her to use our laptop for now until I give her the all clear.
Don't worry for now, I only collected information to analyze. Now we are starting the treatment, and it will not be done in one step... :)

For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...

Step 0.
Create System Restore Point
  1. Click Start.
  2. Select All Programs -> Accessories -> System Tools, then press System Restore.
  3. At the Welcome screen select Create a restore point and then press Next.
  4. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  5. Click Create to finish creating this restore point.
  6. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

If you have successfully created a System Restore Point, we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! and do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q="
    FF - user.js - File not found
    [2012/07/27 21:43:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml
    CHR - homepage: http://www.searchnu.com/406
    CHR - homepage: http://www.searchnu.com/406
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
    [2012/07/22 13:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cassidy\Application Data\searchquband
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\PnkBstrA.exe" =-
    "C:\WINDOWS\system32\PnkBstrB.exe" =-
    "D:\Programs\uTorrent\uTorrent.exe" =-
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    C:\WINDOWS\System32\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
Edit Chrome Search Engine
  1. Launch Google Chrome, type the following address into the address bar and press Enter:
    chrome://chrome/settings/
  2. Click on Manage Search Engines
  3. Highlight Google and select the option for Make Default.
  4. Delete any entries that relate to Searchnu or dts.search-results.
  5. Restart Chrome and see if you are still directed to Searchnu.

Then please try to make a few searches with Google Chrome, and if Chrome is still redirecting, first use the instructions here to change your home page to something like google.com or some other clean site. Then reboot your system and see if Chrome is still being redirected.

If it's still being redirected after changing your home page then please uninstall Chrome, then download and install a clean copy.

Step 4.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
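
The :Reg section of the fix script above removes search scopes, Low Rights elevation-policy entries, an msconfig startupreg item and three firewall exceptions one identifier at a time, and toolbars of this kind usually register a Browser Helper Object as well. The PowerShell below is an added example for this thread, not part of pgmigg's instructions and not part of OTL: it enumerates those same locations and flags any entry whose data mentions one of the adware names seen in this thread, so the state can be checked before the script runs and again afterwards. It assumes an elevated prompt on 32-bit Windows as in the thread (on 64-bit hosts the HKLM checks need repeating under SOFTWARE\Wow6432Node); the $Suspicious list is illustrative and should be extended per case.

```powershell
# Added example for this thread; not from the original post and not part of OTL.
# Enumerates the persistence points the OTL :Reg section targets and flags any
# entry whose data mentions an adware string, so the same check can be run
# before the fix (to see what is there) and afterwards (to confirm it is gone).
# Assumptions: elevated PowerShell prompt on 32-bit Windows, as in the thread;
# on 64-bit hosts repeat the HKLM checks under SOFTWARE\Wow6432Node. The
# $Suspicious list is illustrative and should be extended per case.

$Suspicious = @('searchqu', 'searchnu', 'conduit', 'ilivid', 'bandoo',
                'sweetim', 'datamngr', 'iminent', 'vshare', 'whitesmoke')

function Test-Suspicious([string]$Text) {
    if (-not $Text) { return $false }
    foreach ($s in $Suspicious) {
        if ($Text.ToLower().Contains($s)) { return $true }
    }
    return $false
}

# Resolve a CLSID to its in-process server DLL so a BHO is reported by path,
# not by GUID; a CLSID with no server is an orphan left behind by an uninstall.
function Get-ClsidServer([string]$Clsid) {
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path $key) { return (Get-ItemProperty $key).'(default)' }
    return '<no InprocServer32: orphaned CLSID>'
}

function New-Finding($Area, $Id, $Detail) {
    New-Object PSObject -Property @{
        Area = $Area; Id = $Id; Detail = $Detail
        Suspicious = (Test-Suspicious "$Id $Detail")
    }
}

function Get-IePersistence {
    # 1. IE search scopes in both hives; DefaultScope names the one the search box uses.
    foreach ($hive in 'HKCU', 'HKLM') {
        $base = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty $base).DefaultScope
        foreach ($scope in Get-ChildItem $base) {
            $p = Get-ItemProperty $scope.PSPath
            $tag = if ($scope.PSChildName -eq $default) { ' [DEFAULT]' } else { '' }
            New-Finding "SearchScope/$hive" $scope.PSChildName "$($p.DisplayName) -> $($p.URL)$tag"
        }
    }
    # 2. Browser Helper Objects: every CLSID listed here is loaded into each IE process.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($bho in Get-ChildItem $bhoKey) {
            New-Finding 'BHO' $bho.PSChildName (Get-ClsidServer $bho.PSChildName)
        }
    }
    # 3. Protected Mode elevation policy: Policy=3 lets AppPath\AppName start
    #    silently at medium integrity from a low-integrity IE tab.
    $epKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    if (Test-Path $epKey) {
        foreach ($ep in Get-ChildItem $epKey) {
            $p = Get-ItemProperty $ep.PSPath
            New-Finding 'ElevationPolicy' $ep.PSChildName "$($p.AppPath)\$($p.AppName) Policy=$($p.Policy)"
        }
    }
    # 4. Items disabled through msconfig keep their command line here and are
    #    one click from being re-enabled, so they still count as persistence.
    $mcKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path $mcKey) {
        foreach ($item in Get-ChildItem $mcKey) {
            New-Finding 'msconfig/startupreg' $item.PSChildName (Get-ItemProperty $item.PSPath).command
        }
    }
    # 5. Windows Firewall exceptions: the value name is the executable path and
    #    the data is "path:*:Enabled:Name"; a path missing on disk is a stale hole.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    if (Test-Path $fwKey) {
        $k = Get-Item $fwKey
        foreach ($name in $k.GetValueNames()) {
            $state = if (Test-Path -LiteralPath $name) { 'present' } else { 'MISSING on disk' }
            New-Finding 'Firewall/AuthorizedApplications' $name "$($k.GetValue($name)) ($state)"
        }
    }
}

Get-IePersistence | Sort-Object Suspicious -Descending |
    Format-Table Area, Id, Detail, Suspicious -AutoSize -Wrap
```

Run it once before the fix and once after the reboot: a SearchScope marked [DEFAULT] whose URL points at searchqu or searchnu, a BHO whose CLSID no longer resolves to a DLL, or an ElevationPolicy entry for an AppPath that no longer exists are exactly the leftovers the :Reg lines are written to remove, and the firewall exceptions marked MISSING on disk are the ones worth deleting even when the program was uninstalled cleanly.
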

Re: Suspicion of Malware

Post by Mauxe » August 4th, 2012, 1:27 pm

A. No problems, but when the system rebooted after the OTL fix I had an error message which stated that my system had just recovered from a serious error. There was nothing different about the reboot process. I clicked the "do not send" button and I proceeded to get about 6 of these messages. These are the error messages that were shown (in case they're important). They were all the same:

BCCode : 1000008e BCP1 : C0000005 BCP2 : BD1652C6 BCP3 : AFF29570
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\Cassidy\LOCALS~1\Temp\WERd474.dir00\Mini030412-01.dmp
C:\DOCUME~1\Cassidy\LOCALS~1\Temp\WERd474.dir00\sysdata.xml

B. OTL log:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q=" removed from keyword.URL
C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
C:\Documents and Settings\Cassidy\Application Data\searchquband folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Programs\uTorrent\uTorrent.exe deleted successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Documents and Settings\Cassidy\Application Data\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
Invalid Environment Variable: LOCALAPPDATA
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\BandooFiles not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\BandooV6.exe not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\SweetIMReinstall not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\ilivid.7z not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\searchqu.ini not found.
File/Folder C:\DOCUME~1\Cassidy\LOCALS~1\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Documents and Settings\Cassidy\AppData\LocalLow\searchquband not found.
File/Folder C:\Documents and Settings\Cassidy\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Documents and Settings\Cassidy\Downloads\SweetImSetup.exe not found.
File/Folder C:\Documents and Settings\Cassidy\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Cassidy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cassidy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 402 bytes
->FireFox cache emptied: 19854658 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Cassidy
->Temp folder emptied: 42619556 bytes
->Temporary Internet Files folder emptied: 50123838 bytes
->Java cache emptied: 43168390 bytes
->FireFox cache emptied: 724588163 bytes
->Google Chrome cache emptied: 110512623 bytes
->Flash cache emptied: 9602 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes

User: LocalService
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 366897533 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 960566 bytes
RecycleBin emptied: 34371221 bytes

Total Files Cleaned = 1,329.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Cassidy
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Cassidy
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_130244

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


C. SystemLook.txt:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:13 on 04/08/2012 by Cassidy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 09/10/2011] [17:44 09/10/2011] B62A4F0A72A9AEA383DA12F7B9FB7E18
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:10 25/05/2011] [18:10 25/05/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml --a---- 913 bytes [01:43 28/07/2012] [01:43 28/07/2012] 11AD748B9FB212ECD1F6DCDD0ADE9C1A

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1(1).exe --a---- 823576 bytes [16:29 19/07/2012] [16:29 19/07/2012] 7FE0A45B70BF4F2727536EC6F305D7DF
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1.exe --a---- 823576 bytes [16:28 19/07/2012] [16:28 19/07/2012] 7FE0A45B70BF4F2727536EC6F305D7DF

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Tarma*"
C:\Documents and Settings\Cassidy\My Documents\Downloads\robes\slofs_new_ob_robe_trader\slofs_new_ob_robe_trader\meshes\clothes\asrobetrader\asrobestarmagef.nif --a---- 379329 bytes [00:58 16/06/2012] [08:55 23/09/2007] 424F8616AFA704823EC5BD251D736DD4
C:\Documents and Settings\Cassidy\My Documents\Downloads\robes\slofs_new_ob_robe_trader\slofs_new_ob_robe_trader\meshes\clothes\asrobetrader\asrobestarmagem.nif --a---- 311108 bytes [00:58 16/06/2012] [19:37 29/01/2008] 37B5716973E0369A4F5ECCCBF24D35DD

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\Cassidy\AppData\LocalLow\DataMngr d------ [17:23 22/07/2012]

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Ilivid Player d------ [16:42 19/07/2012]

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\searchquband d------ [17:23 22/07/2012]

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_CURRENT_USER\Software\Stardock\ComponentManager\Settings]
"LastCommunityTab"="games"
[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Stardock\ComponentManager\Settings]
"LastCommunityTab"="games"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Conduit]

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe]

Searching for "IObit"
[HKEY_CURRENT_USER\Software\NCH Software\VideoPad\ExportDialog]
"Disc_DVD_AudioBitrate"="192"
[HKEY_CURRENT_USER\Software\NCH Software\VideoPad\VideoOutput]
"MP4_AudioBitrate"="128"
[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\NCH Software\VideoPad\ExportDialog]
"Disc_DVD_AudioBitrate"="192"
[HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\NCH Software\VideoPad\VideoOutput]
"MP4_AudioBitrate"="128"

Searching for "Iminent"
No data found.

Searching for "Searchqu"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

D. No changes in the system at the moment. No issue with Chrome or with creating a restore point.
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm

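The SystemLook sweep requested in the previous reply and its results in this post show the weakness of a plain substring search: "Tarma" matched asrobestarmagef.nif and "IObit" matched the AudioBitrate values, neither of which has anything to do with the toolbar. The PowerShell below is an added example for this thread, not SystemLook's code and not from either poster: it reproduces the :filefind / :folderfind / :Regfind sweep and grades every hit as high or low depending on whether the term starts or ends on a name boundary (string edge, non-alphanumeric, or a CamelCase case change), so that iLividSetupV1.exe and SetupDataMngr_Searchqu rank above buried matches. The grade is a triage aid, not a verdict; $Terms, $Roots and $RegRoots are illustrative and assume the XP layout used in the thread.

```powershell
# Added example for this thread; not SystemLook's code and not from the
# original posts. Reproduces the :filefind / :folderfind / :Regfind sweep and
# grades every hit so that substring accidents, like "Tarma" inside
# asrobestarmagef.nif or "IObit" inside AudioBitrate in the log above, are
# separated from hits where the term starts or ends on a name boundary.
# Assumptions: XP-style paths as in the thread; $Terms, $Roots and $RegRoots
# are illustrative and should be set for the case at hand.

$Terms    = @('Conduit', 'datamngr', 'iLivid', 'Searchqu', 'Searchnu', 'Tarma', 'IObit')
$Roots    = @('C:\Program Files', 'C:\Documents and Settings', 'C:\WINDOWS\Prefetch')
$RegRoots = @('HKLM:\SOFTWARE', 'HKCU:\Software')

# 'high' when the term starts or ends on a boundary (string edge, a
# non-alphanumeric, or a CamelCase case change), 'low' when it is buried in a
# longer run of same-case letters; $null when the term does not occur at all.
function Get-HitGrade([string]$Text, [string]$Term) {
    $i = $Text.ToLower().IndexOf($Term.ToLower())
    if ($i -lt 0) { return $null }
    $end    = $i + $Term.Length
    $before = if ($i -gt 0) { $Text[$i - 1] } else { [char]0 }
    $after  = if ($end -lt $Text.Length) { $Text[$end] } else { [char]0 }
    $startOk = (($i -eq 0) -or (-not [char]::IsLetterOrDigit($before)) -or
                ([char]::IsUpper($Text[$i]) -and [char]::IsLower($before)))
    $endOk   = (($end -ge $Text.Length) -or (-not [char]::IsLetterOrDigit($after)) -or
                ([char]::IsUpper($after) -and [char]::IsLower($Text[$end - 1])))
    if ($startOk -or $endOk) { return 'high' }
    return 'low'
}

function New-Hit($Kind, $Term, $Where, $Grade) {
    New-Object PSObject -Property @{ Kind = $Kind; Term = $Term; Where = $Where; Grade = $Grade }
}

function Invoke-IocSweep {
    # Files and folders: match on the name only, as SystemLook does, so a
    # clean file inside a suspicious folder is reported once, via the folder.
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $item = $_
                foreach ($t in $Terms) {
                    $g = Get-HitGrade $item.Name $t
                    if ($g) {
                        $kind = if ($item.PSIsContainer) { 'folder' } else { 'file' }
                        New-Hit $kind $t $item.FullName $g
                    }
                }
            }
    }
    # Registry: key names, value names and string data under each root.
    foreach ($hive in $RegRoots) {
        Get-ChildItem $hive -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                foreach ($t in $Terms) {
                    $g = Get-HitGrade $key.PSChildName $t
                    if ($g) { New-Hit 'regkey' $t $key.Name $g }
                    foreach ($v in $key.GetValueNames()) {
                        $data = [string]$key.GetValue($v)
                        $g2 = Get-HitGrade "$v = $data" $t
                        if ($g2) { New-Hit 'regvalue' $t "$($key.Name) : $v = $data" $g2 }
                    }
                }
            }
    }
}

Invoke-IocSweep | Sort-Object Grade, Kind, Where |
    Format-Table Grade, Kind, Term, Where -AutoSize -Wrap
```

Against the names in this post the grading puts iLividSetupV1.exe, SetupDataMngr_Searchqu and LocalLow\DataMngr in the high group and the two .nif meshes and the AudioBitrate values in the low group; a high grade still needs a look at the path, since iSyncConduit.dll under Common Files\Apple is graded high on its CamelCase boundary and is legitimate.
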
Re: Suspicion of Malware

Post by pgmigg » August 4th, 2012, 7:35 pm

Hello Mauxe,

Great job! :) But we are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    :Reg
    [HKEY_CURRENT_USER\Software\Stardock\ComponentManager\Settings]
    "LastCommunityTab"=-
    [HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Stardock\ComponentManager\Settings]
    "LastCommunityTab"=-
    [-HKEY_CURRENT_USER\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
    [-HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe]
    
    :Files
    C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1(1).exe
    C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1.exe
    C:\Documents and Settings\Cassidy\AppData\LocalLow\DataMngr
    C:\Documents and Settings\Cassidy\Local Settings\Application Data\Ilivid Player
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Malwarebytes' Anti-Malware
  1. Please download Malwarebytes' Anti-Malware and save to your desktop.
  2. Double click on mbam-setup.exe and follow the prompts to install the program.
  3. At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  4. Then click Finish.
  5. If an update is found, it will download and install the latest version.
  6. Once the program has loaded, select Perform Quick Scan, then click Scan.
  7. When the scan is complete, click OK, then Show Results to view the results.
  8. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  9. When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  10. The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 3.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Conduit*
    *datamngr*
    *iLivid*
    *Searchqu*
    *Searchnu*
    
    :folderfind
    *Conduit*
    *datamngr*
    *iLivid*
    *Searchqu*
    *Searchnu*
    
    :Regfind
    Conduit
    datamngr
    iLivid
    Searchqu
    Searchnu
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file will open.
    • OTL.txt <-- Will be opened, maximized
    • Please post the contents of OTL.txt file in your next reply.

    Please include in your next reply:
    1. Do you have any problems executing the instructions?
    2. Contents of the OTL.txt log file after the OTL FixScript run
    3. Contents of the Malwarebytes' Anti-Malware log file
    4. Contents of the SystemLook.txt log file
    5. Contents of the OTL.txt log file after the Fresh OTL scan
    6. Status of redirection from all browsers you used.
    7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
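An added example, not part of this thread and not code from SystemLook or OTL: a small Python triage script for the SystemLook.txt report requested in Step 3. Broad terms such as *Conduit* match legitimate files too, and by the time SystemLook runs, the items OTL moved in Step 1 show up again under OTL's quarantine folder. The script parses the filefind and folderfind sections and sorts every hit into "quarantined", "benign" or "live", so the helper can see at a glance whether anything is still on disk that needs a second fix. The quarantine prefix C:\_OTL\MovedFiles, the Apple allow-list fragment and the sample report are assumptions modelled on the paths posted later in this thread; the sample is constructed, not a real log.

```python
"""Triage helper for SystemLook.txt reports (added example; not a MalwareRemoval.com,
SystemLook or OTL tool). Separates hits that are still live on disk from hits OTL
has already quarantined, and flags matches that sit on a known-good path."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: folder OTL uses for items it has moved (prefix seen in the posted logs).
QUARANTINE_PREFIX = "C:\\_OTL\\MovedFiles\\"

# Assumption: analyst-maintained allow-list of path fragments that legitimately
# match broad search terms (Apple's iSyncConduit.dll matches "*Conduit*").
BENIGN_FRAGMENTS = ("\\Apple\\Mobile Device Support\\",)

SECTION_RE = re.compile(r"^=+ (?P<name>\w+) =+$")
TERM_RE = re.compile(r'^Searching for "(?P<term>[^"]+)"$')
# One filefind/folderfind hit: <path> <7-char attrs> [<size> bytes] [<mtime>] [<ctime>] [<md5>]
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[d-][-a-z]{6})"
    r"(?: (?P<size>\d+) bytes)? \[(?P<mtime>[^\]]+)\](?: \[[^\]]+\])?"
    r"(?: (?P<md5>[0-9A-Fa-f]{32}))?$"
)


@dataclass
class Hit:
    section: str          # "filefind" or "folderfind"
    term: str             # search term that produced the hit
    path: str
    md5: Optional[str]    # only files carry a hash in the report
    quarantined: bool     # already moved by OTL
    benign: bool          # path is on the allow-list


def parse_systemlook(text: str) -> List[Hit]:
    """Walk the report line by line, tracking the current section and search term."""
    hits: List[Hit] = []
    section = term = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group("term")
            continue
        if section not in ("filefind", "folderfind"):
            continue  # Regfind output has a different shape and is not handled here
        m = HIT_RE.match(line)
        if not m:
            continue  # "No files found.", blank lines, header lines
        path = m.group("path")
        hits.append(Hit(
            section=section,
            term=term,
            path=path,
            md5=m.group("md5"),
            quarantined=path.startswith(QUARANTINE_PREFIX),
            benign=any(f.lower() in path.lower() for f in BENIGN_FRAGMENTS),
        ))
    return hits


def live_suspicious(hits: List[Hit]) -> List[Hit]:
    """Hits that still need attention: present on disk and not on the allow-list."""
    return [h for h in hits if not h.quarantined and not h.benign]


def summarize(hits: List[Hit]) -> Dict[str, int]:
    return {
        "total": len(hits),
        "quarantined": sum(h.quarantined for h in hits),
        "benign": sum(h.benign for h in hits),
        "live_suspicious": len(live_suspicious(hits)),
    }


# Constructed sample modelled on the SystemLook report format posted in this thread.
SAMPLE_REPORT = r"""
SystemLook 30.07.11 by jpshortstuff
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 09/10/2011] [17:44 09/10/2011] B62A4F0A72A9AEA383DA12F7B9FB7E18
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml --a---- 913 bytes [01:43 28/07/2012] [01:43 28/07/2012] 11AD748B9FB212ECD1F6DCDD0ADE9C1A

Searching for "*datamngr*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08042012_233842\C_Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1.exe --a---- 823576 bytes [16:28 19/07/2012] [16:28 19/07/2012] 7FE0A45B70BF4F2727536EC6F305D7DF

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\searchquband d------ [17:23 22/07/2012]

Searching for "*Searchnu*"
No folders found.

-= EOF =-
"""

if __name__ == "__main__":
    found = parse_systemlook(SAMPLE_REPORT)
    for h in found:
        state = "quarantined" if h.quarantined else ("benign" if h.benign else "LIVE")
        print(f"{state:11} {h.section:10} {h.term:12} {h.path}")
    print(summarize(found))
```

Running it on the sample prints one benign hit (Apple's iSyncConduit.dll) and three quarantined hits, with nothing left live; a hit printed as LIVE is the one to put into a follow-up OTL fix. The Regfind section is skipped on purpose because its key/value lines use a different layout.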

Re: Suspicion of Malware

Unread postby Mauxe » August 5th, 2012, 12:06 am

A. No problems, thanks.

B. OTL log file:

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Stardock\ComponentManager\Settings\\LastCommunityTab deleted successfully.
Registry value HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Stardock\ComponentManager\Settings\\LastCommunityTab not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-725345543-1563985344-839522115-1003\Software\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1(1).exe moved successfully.
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1.exe moved successfully.
C:\Documents and Settings\Cassidy\AppData\LocalLow\DataMngr folder moved successfully.
C:\Documents and Settings\Cassidy\Local Settings\Application Data\Ilivid Player folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Cassidy
->Temp folder emptied: 1067 bytes
->Temporary Internet Files folder emptied: 1163112 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 57766281 bytes
->Flash cache emptied: 492 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_233842

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




C. MWB log file:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cassidy :: CASSIDY-9AB730E [administrator]

8/4/2012 11:48:05 PM
mbam-log-2012-08-04 (23-48-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205643
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




D. SystemLook log file:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:55 on 04/08/2012 by Cassidy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 09/10/2011] [17:44 09/10/2011] B62A4F0A72A9AEA383DA12F7B9FB7E18
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:10 25/05/2011] [18:10 25/05/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\Mozilla\Firefox\Profiles\hb52vbnf.default\searchplugins\conduit.xml --a---- 913 bytes [01:43 28/07/2012] [01:43 28/07/2012] 11AD748B9FB212ECD1F6DCDD0ADE9C1A

Searching for "*datamngr*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08042012_233842\C_Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1(1).exe --a---- 823576 bytes [16:29 19/07/2012] [16:29 19/07/2012] 7FE0A45B70BF4F2727536EC6F305D7DF
C:\_OTL\MovedFiles\08042012_233842\C_Documents and Settings\Cassidy\My Documents\Downloads\old\iLividSetupV1.exe --a---- 823576 bytes [16:28 19/07/2012] [16:28 19/07/2012] 7FE0A45B70BF4F2727536EC6F305D7DF

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

========== folderfind ==========

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\08042012_233842\C_Documents and Settings\Cassidy\AppData\LocalLow\DataMngr d------ [17:23 22/07/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08042012_233842\C_Documents and Settings\Cassidy\Local Settings\Application Data\Ilivid Player d------ [16:42 19/07/2012]

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\08042012_130244\C_Documents and Settings\Cassidy\Application Data\searchquband d------ [17:23 22/07/2012]

Searching for "*Searchnu*"
No folders found.

========== Regfind ==========

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"

Searching for "datamngr"
No data found.

Searching for "iLivid"
No data found.

Searching for "Searchqu"
No data found.

Searching for "Searchnu"
No data found.

-= EOF =-



E. OTL scan file:

OTL logfile created on: 8/4/2012 11:58:54 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Cassidy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.59% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 92.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 18.22 Gb Free Space | 23.32% Space Free | Partition Type: NTFS
Drive D: | 387.62 Gb Total Space | 46.41 Gb Free Space | 11.97% Space Free | Partition Type: NTFS
Drive E: | 629.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CASSIDY-9AB730E | User Name: Cassidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 20:01:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
PRC - [2012/07/11 23:15:16 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/09 12:53:41 | 000,688,360 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Files\WinRaR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 13:18:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 12:53:41 | 000,688,360 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/09 12:53:41 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2012/03/09 02:22:00 | 007,586,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/02/10 22:09:12 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/20 03:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/08/04 13:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/13 22:02:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 12:28:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programs\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: LastPass = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.11_0\
CHR - Extension: Illyriad = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnfbcdoedgikkjokbgejbgkgijnoaanb\1.3_0\
CHR - Extension: MLB.com Scoreboard = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld\0.1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail Checker = C:\Documents and Settings\Cassidy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\

O1 HOSTS File: ([2011/12/30 22:05:35 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-1563985344-839522115-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7808946421 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF9AAAED-6CB1-4E93-B985-B14237BE0F3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cassidy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/11 11:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/20 13:49:25 | 000,069,632 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/06/27 15:16:04 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-725345543-1563985344-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 23:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\Malwarebytes
[2012/08/04 23:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/04 23:46:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/04 23:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/04 23:45:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cassidy\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 13:02:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/03 20:01:48 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
[2012/08/03 19:16:30 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassidy\Desktop\tdsskiller.exe
[2012/08/01 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenXML-ODF Translator
[2012/08/01 20:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Start Menu\Programs\ODF Add-in for Microsoft Office
[2012/08/01 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/07/31 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\GameStop App
[2012/07/31 22:20:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}
[2012/07/28 15:32:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cassidy\Start Menu\Programs\Administrative Tools
[2012/07/27 22:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\.techniclauncher
[2012/07/27 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/27 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/27 22:43:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/27 22:43:12 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/27 22:43:08 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 22:43:08 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/27 22:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\Application Data\Oracle
[2012/07/27 22:03:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/27 22:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/26 21:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/07/22 13:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cassidy\AppData
[2012/07/19 12:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/07/15 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/07/15 22:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2012/01/23 16:36:11 | 000,196,608 | ---- | C] (ICSharpCode.net) -- C:\Documents and Settings\Cassidy\ICSharpCode.SharpZipLib.dll
[2011/12/21 23:10:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/04 23:46:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 23:45:35 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cassidy\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 23:42:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/04 23:42:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 23:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/04 23:42:05 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/04 23:20:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/04 23:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/04 23:02:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1563985344-839522115-1003UA.job
[2012/08/04 14:46:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/04 13:12:05 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\SystemLook.exe
[2012/08/03 20:01:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cassidy\Desktop\OTL (1).exe
[2012/08/03 19:16:35 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cassidy\Desktop\tdsskiller.exe
[2012/08/03 19:09:59 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\CKScanner.exe
[2012/08/03 15:04:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Google Chrome.lnk
[2012/08/03 15:04:29 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/03 13:18:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/03 13:18:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/02 09:02:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1563985344-839522115-1003Core.job
[2012/08/01 17:58:02 | 000,104,476 | ---- | M] () -- C:\Documents and Settings\Cassidy\My Documents\mens tennis scores 8'1'12.JPG
[2012/07/31 22:20:54 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameStop App.lnk
[2012/07/29 09:57:00 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to technic-launcher.lnk
[2012/07/29 00:05:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/07/28 10:15:13 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to .techniclauncher.lnk
[2012/07/28 10:14:59 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Shortcut to .techniclauncher.lnk
[2012/07/27 22:43:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/27 22:43:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/27 22:23:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cassidy\My Documents\My Computer.lnk
[2012/07/26 21:37:13 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Generations.lnk
[2012/07/24 21:59:45 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Minecraft Mods2.lnk
[2012/07/24 21:59:25 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to .minecraft.lnk
[2012/07/22 19:05:26 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to Minecraft.lnk
[2012/07/17 01:51:07 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Cassidy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/15 22:56:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut (2) to Minecraft_Server.lnk
[2012/07/12 00:29:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 12:53:41 | 000,148,664 | ---- | M] (Webroot) -- C:\WINDOWS\System32\WRusr.dll
[2012/07/09 12:53:41 | 000,111,632 | ---- | M] (Webroot) -- C:\WINDOWS\System32\drivers\WRkrn.sys

========== Files Created - No Company Name ==========

[2012/08/04 23:46:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 13:12:08 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\SystemLook.exe
[2012/08/03 19:10:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\CKScanner.exe
[2012/08/01 17:58:01 | 000,104,476 | ---- | C] () -- C:\Documents and Settings\Cassidy\My Documents\mens tennis scores 8'1'12.JPG
[2012/07/31 22:20:54 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameStop App.lnk
[2012/07/29 09:57:00 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to technic-launcher.lnk
[2012/07/28 10:15:13 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to .techniclauncher.lnk
[2012/07/28 10:14:59 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Shortcut to .techniclauncher.lnk
[2012/07/27 22:23:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cassidy\My Documents\My Computer.lnk
[2012/07/26 21:37:13 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 Generations.lnk
[2012/07/24 21:59:45 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Minecraft Mods2.lnk
[2012/07/24 21:59:25 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to .minecraft.lnk
[2012/07/20 15:19:30 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut to Minecraft.lnk
[2012/07/15 22:56:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Cassidy\Desktop\Shortcut (2) to Minecraft_Server.lnk
[2012/05/14 23:19:37 | 000,184,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/18 00:51:44 | 000,103,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1563985344-839522115-1003-0.dat
[2012/04/18 00:51:43 | 000,103,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/17 22:43:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/17 21:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/04/17 21:19:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/04/17 21:19:58 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/04/17 21:19:58 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/04/09 23:26:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 14:11:50 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/08 14:10:26 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/08 14:10:16 | 000,240,124 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/08 14:10:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/30 19:18:46 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Cassidy\GoToAssistDownloadHelper.exe
[2011/12/21 23:10:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\inst.exe
[2011/12/21 23:10:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.cat
[2011/12/21 23:10:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.inf
[2011/11/06 21:22:27 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll
[2011/11/06 21:22:27 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll
[2011/11/06 21:22:27 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\pythoncomloader27.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/08/28 00:30:53 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Cassidy\.recently-used.xbel
[2011/07/23 11:10:15 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\vso_ts_preview.xml
[2011/06/22 22:27:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/20 21:54:06 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011/06/20 21:52:34 | 000,176,495 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011/06/20 21:52:24 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011/06/19 01:23:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/06/13 14:48:43 | 000,017,460 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/12 08:53:19 | 000,138,904 | ---- | C] () -- C:\Documents and Settings\Cassidy\Application Data\PnkBstrK.sys
[2011/06/12 08:52:57 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011/06/11 16:23:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/11 11:20:30 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Cassidy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 11:17:19 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/06/11 11:09:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 11:06:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/11 06:58:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/11 06:57:24 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

< End of report >



F. No redirection from browsers

G. No issues with computer
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm
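As an added example (not part of this thread and not OTL's own code), here is a small parser for the OTL file-list lines posted above. It turns each `[date | size | attrs | C/M] (company) -- path` entry into a record and applies a few defender-side triage heuristics; the rules and the sample lines (copied from the log above) are this example's own choices, and a hit means "look this file up by hash and vendor", not a verdict.

```python
"""Parse OTL file-list lines and apply simple triage heuristics.

Added example: the regex, the rules and the sample lines below are this
example's assumptions, not OldTimer's OTL code or the forum's procedure.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Shape of one OTL file line, e.g.
# [2012/07/27 22:43:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
# attrs is four flag slots (R, H, S, D); kind is C (created) or M (modified).
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample, copied from the posted log format (a benign mix).
SAMPLE_LOG = r"""
[2012/07/27 22:43:12 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/21 23:10:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Cassidy\Application Data\pcouffin.sys
[2012/04/17 22:43:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/04 23:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/31 22:20:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AC1FA872-E696-4D01-A2D5-76D53ED9BA09}
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line; None for directories/other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


# Heuristic rules (this example's assumptions, not OTL's logic).
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".cpl", ".scr")
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\system32\\drivers")


def triage(entry: OtlEntry) -> List[str]:
    """List the reasons an executable entry deserves a closer look."""
    reasons: List[str] = []
    low = entry.path.lower()
    if entry.is_directory or not low.endswith(EXEC_SUFFIXES):
        return reasons
    # Kernel drivers normally live under System32\drivers; one inside a
    # user profile is unusual enough to hash and check against the vendor.
    if low.endswith(".sys") and "\\documents and settings\\" in low:
        reasons.append("driver in user profile")
    # OTL prints the company from the file's version resource; a binary
    # in the system directory with none set is worth verifying by hash.
    if low.rsplit("\\", 1)[0] in SYSTEM_DIRS and not entry.company:
        reasons.append("no company name on binary in system dir")
    # Hidden/system attributes on an executable are uncommon for ordinary software.
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append("hidden/system attribute on executable")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {path: reasons} for every parsed line that trips a rule."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```

On the constructed sample this flags `pcouffin.sys` (a driver sitting in Application Data) and `iacenc.dll` (a System32 binary with no company string); both are benign in this thread, which is exactly why the output is a review list rather than a detection.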

Re: Suspicion of Malware

Unread postby pgmigg » August 5th, 2012, 12:23 am

Hello Mauxe,
F. No redirection from browsers
It is nice to read, but please tell me what home page you see when you run Google Chrome now?

Then, please run online scanner:

ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the green [ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answer to my question about the current home page for Google Chrome.
  3. Contents of scan results from ESETScan.txt file.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicion of Malware

Unread postby Mauxe » August 5th, 2012, 4:59 pm

A. No problems with instructions

B. Current home page for Chrome is www.google.com. This sometimes hangs for a bit when I first open Chrome. If I hit refresh it loads google right away though.

C. ESET log:

C:\Documents and Settings\Cassidy\My Documents\Downloads\D2\Audacity_971.exe a variant of Win32/InstallIQ application
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\aarrgghh_ice-and-snow.exe Win32/OpenCandy application
C:\Documents and Settings\Cassidy\My Documents\Downloads\old\DTLite4452-0287.exe Win32/OpenCandy application

D. Nothing new with computer behavior.
Mauxe
Active Member
 
Posts: 6
Joined: July 28th, 2012, 3:38 pm

Re: Suspicion of Malware

Unread postby pgmigg » August 6th, 2012, 11:00 am

Hello Mauxe,
B. Current home page for Chrome is http://www.google.com.
D. Nothing new with computer behavior.
In your latest logs I see a few minor issues to clean and would like to know more details about current conditions of initial symptoms you posted.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    OTL:
    CHR - homepage: http://www.searchnu.com/406
    
    :Files
    C:\Documents and Settings\Cassidy\My Documents\Downloads\D2\Audacity_971.exe
    C:\Documents and Settings\Cassidy\My Documents\Downloads\old\aarrgghh_ice-and-snow.exe
    C:\Documents and Settings\Cassidy\My Documents\Downloads\old\DTLite4452-0287.exe
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Detailed explanation about current conditions I asked.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicion of Malware

Unread postby NonSuch » August 9th, 2012, 11:50 pm

Due to a lack of activity within the prescribed time period, this topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California