TechSpot

Broni, did you solve this malware problem?

Solved
By AlexKent
Aug 30, 2012
  1. Malwarebytes scan yeilded 6 results, 2 for google drive,
    googledrivesync32.dll

    and 4 for for HKEY_CLASSES_ROOT\CLSID\
    {81539fe6-33c7-4ce7-90c7-1c7b8f2f2d40}
    {81539fe6-33c7-4ce7-90c7-1c7b8f2f2d41}
    {81539fe6-33c7-4ce7-90c7-1c7b8f2f2d42}
    {81539fe6-33c7-4ce7-90c7-1c7b8f2f2d43}

    I did a google search on both, said googledrivesync32 was ok, but the HKEY reg led me to you. Said it was Trojan.ZeroAccess!inf

    Do I have a problem??
    I used to do pc support a long time ago, but it seems just one program (I.e. Malwarebytes), doesn't solve it alone... Help!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    Wow! I can't believe the warnings and suggestions of doing a reformat of the hard drive. Hopefully you'll be able to tell me from the scans if I was ever infected by a back door trojan before doing all that!

    Ok, Step 1 MBAM log file

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.31.06

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Alex :: ALEX-PC [administrator]

    8/31/2012 6:03:11 AM
    mbam-log-2012-08-31 (06-03-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248228
    Time elapsed: 11 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    NOTE: the 6 files I mentioned in the beginning were somehow in the ignore tab of MBAM, so I deleted them. Also, there was a file in the quarantine tab (from a previous session months ago);
    Vendor tab Category tab Item
    Spyware.OnlineGames RegistryKey HKCR\AppID\{fa8edcdd-efa2-477b-b00a-7f28f02cd37e}
    I deleted it!

    Next Step 2 GMER.exe
    log file -

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-31 06:43:53
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
    Running: 70hxvvi5.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    Next Step 3 DDS log file, and Attach.txt log file

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_32
    Run by Alex at 7:08:22 on 2012-08-31
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.945 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\system32\lxbmcoms.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\notepad.exe
    C:\Program Files\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
    uRun: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
    StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dimdim.lnk - c:\program files\dimdim\plugin\application\Dimdim.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 75.94.255.12 64.13.115.12
    TCP: Interfaces\{1DBCD64C-609C-44A3-AE3A-D6882C43B115} : DhcpNameServer = 75.94.255.12 64.13.115.12
    TCP: Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188} : DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{BD50A76B-EC61-4035-8AB4-8FDB5850BC27} : DhcpNameServer = 10.0.0.1
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\sstgyfix.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4af104ef&v=6.103.018.001&I=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\sstgyfix.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
    FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\sstgyfix.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\dimdim\plugin\application\npDimDimControl.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\alex\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\alex\appdata\roaming\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\users\alex\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\alex\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\alex\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2011-3-29 407552]
    R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe -service --> c:\windows\system32\lxbmcoms.exe -service [?]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-29 204800]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2011-11-22 108376]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-10-17 340992]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-10-17 48768]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 34128]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-2-16 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-2-16 812544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]
    S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-10-29 3504440]
    S3 B-Service;B-Service;c:\users\alex\appdata\roaming\mikogo\B-Service.exe [2009-8-23 185640]
    S3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2011-11-22 124760]
    S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2011-11-22 120664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-6 113120]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-10-29 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-10-29 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-10-29 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-2-16 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-2-16 79136]
    .
    =============== Created Last 30 ================
    .
    2012-08-30 18:26:39 711240 ----a-w- c:\windows\isRS-000.tmp
    .
    ==================== Find3M ====================
    .
    2012-08-27 03:11:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-27 03:11:05 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 7:08:41.70 ===============

    ATTACH.TXT - - - -

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/29/2008 3:06:49 PM
    System Uptime: 8/31/2012 5:41:47 AM (2 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | N/A | 1833/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 178 GiB total, 82.474 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP622: 2/1/2012 2:11:06 PM - Scheduled Checkpoint
    RP623: 3/24/2012 2:09:11 PM - Scheduled Checkpoint
    RP624: 5/1/2012 11:58:31 PM - Installed Java(TM) 6 Update 32
    RP625: 5/29/2012 12:19:55 AM - Installed AVG 2012
    RP626: 5/29/2012 12:23:50 AM - Removed AVG 2012
    RP627: 7/8/2012 1:52:20 PM - Installed CLEAR Connection Manager.
    RP628: 7/12/2012 2:20:39 PM - Scheduled Checkpoint
    RP629: 7/22/2012 7:23:49 PM - Windows Update
    RP630: 7/22/2012 7:26:55 PM - Windows Update
    RP631: 7/22/2012 7:54:16 PM - Windows Update
    RP632: 7/22/2012 8:00:31 PM - Windows Update
    RP633: 8/10/2012 6:20:25 AM - Scheduled Checkpoint
    RP634: 8/18/2012 9:57:05 PM - Windows Update
    RP635: 8/28/2012 2:56:15 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    7-Zip 4.64
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0
    Alps Pointing-device for VAIO
    AOL Toolbar 4.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AXIS Camera Server Control
    Bonjour
    CDisplay 1.8
    CLEAR Connection Manager
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Corel Paint Shop Pro Photo X2
    Crackle Screen Saver 1.0
    DivX Web Player
    Foxit Reader
    Foxit Toolbar
    GearDrvs
    Google Drive
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 32
    LiveUpdate BVRP Software
    LocationFree Player
    Loki ActiveX Control
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mikogo
    mobile PhoneTools
    Move Media Player
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Napster
    Napster Burn Engine
    Norton 360
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    OpenOffice.org Installer 1.0
    QuickBooks Simple Start 2008
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Easy Media Creator Home
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Setting Utility Series
    Skype Toolbars
    Skype™ 4.2
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Video Shared Library
    Spy Sweeper
    SUPERAntiSpyware Free Edition
    SupportSoft Assisted Service
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    VAIO Center Access Bar
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO DVD Menu Data Basic
    VAIO Entertainment Center
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.2
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO OOBE and Welcome Center
    VAIO Original Function Setting
    VAIO PC Wireless LAN Wizard
    VAIO Power Management
    VAIO Productivity Center
    VAIO Security Center
    VAIO Service Utility
    VAIO Smart Network
    VAIO Startup Assistant
    VAIO Survey
    VAIO Update 3
    VAIO Wallpaper Contents
    Vista Codec Package
    VLC media player 1.0.0
    WebMeeting Plug-in
    WinDVD for VAIO
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  5. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    rKill.txt log

    Rkill 2.3.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/01/2012 05:55:58 AM in x86 mode.
    Windows Version: Windows Vista (TM) Home Premium Service Pack 1

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Automatic

    * pcmcia => system32\DRIVERS\pcmcia.sys [Incorrect ImagePath]
    * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Program finished at: 09/01/2012 05:56:17 AM
    Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)

    end of rKill log

    aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-01 06:03:05
    -----------------------------
    06:03:05.017 OS Version: Windows 6.0.6001 Service Pack 1
    06:03:05.017 Number of processors: 2 586 0xF0D
    06:03:05.018 ComputerName: ALEX-PC UserName: Alex
    06:03:11.029 Initialize success
    06:04:53.491 AVAST engine defs: 12083102
    06:05:17.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    06:05:17.841 Disk 0 Vendor: TOSHIBA_ LB01 Size: 190782MB BusType: 3
    06:05:17.841 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000075
    06:05:17.841 Disk 1 Vendor: ( Size: 190782MB BusType: 0
    06:05:17.851 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000076
    06:05:17.851 Disk 2 Vendor: ( Size: 190782MB BusType: 0
    06:05:17.901 Disk 0 MBR read successfully
    06:05:17.901 Disk 0 MBR scan
    06:05:17.911 Disk 0 Windows VISTA default MBR code
    06:05:17.921 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8110 MB offset 2048
    06:05:17.951 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182670 MB offset 16611328
    06:05:17.961 Disk 0 scanning sectors +390719488
    06:05:18.031 Disk 0 scanning C:\Windows\system32\drivers
    06:05:30.061 Service scanning
    06:06:16.461 Modules scanning
    06:06:43.293 Disk 0 trace - called modules:
    06:06:43.313 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    06:06:43.323 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86531360]
    06:06:43.333 3 CLASSPNP.SYS[889a5745] -> nt!IofCallDriver -> [0x85a06710]
    06:06:43.343 5 acpi.sys[806976a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a08030]
    06:06:44.103 AVAST engine scan C:\Windows
    06:06:49.773 AVAST engine scan C:\Windows\system32
    06:10:12.473 AVAST engine scan C:\Windows\system32\drivers
    06:10:27.813 AVAST engine scan C:\Users\Alex
    06:27:49.678 AVAST engine scan C:\ProgramData
    06:32:39.854 Scan finished successfully
    06:37:32.697 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    06:37:32.707 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"


    Seems like we're looking good so far, no back door trojans...
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I know.... I'm bad about cleaning out my tmp files

    ComboFix 12-09-01.01 - Alex 09/02/2012 12:20:34.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1107 [GMT -4:00]
    Running from: c:\users\Alex\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\windows\isRS-000.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-02 16:31 . 2012-09-02 16:32 -------- d-----w- c:\users\Alex\AppData\Local\temp
    2012-09-02 16:31 . 2012-09-02 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-02 16:31 . 2012-09-02 16:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-09-02 16:31 . 2012-09-02 16:31 -------- d-----w- c:\users\backup\AppData\Local\temp
    2012-08-06 03:57 . 2012-08-06 03:57 -------- d-----w- c:\users\Default\AppData\Local\Google
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-27 03:11 . 2012-05-02 03:46 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-27 03:11 . 2011-07-08 16:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2010-01-24 02:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-23 00:04 . 2011-03-25 21:35 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
    @="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
    [HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
    2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-11 2424192]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2011-11-22 59224]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    .
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Dimdim.lnk - c:\program files\Dimdim\Plugin\Application\Dimdim.exe [2010-9-15 632104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0SsiEfr.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
    backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-23 06:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
    2007-09-19 19:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2008-10-17 01:57 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    2007-07-27 23:29 5086008 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
    2007-09-06 23:38 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
    2007-08-28 01:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
    2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
    2007-10-13 00:29 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - KXLDRPOG
    *NewlyCreated* - MBAMSWISSARMY
    *Deregistered* - aswMBR
    *Deregistered* - kxldrpog
    *Deregistered* - MBAMSwissArmy
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 20:44]
    .
    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 20:44]
    .
    2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842928199-3828368821-3855924236-1000Core.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 22:17]
    .
    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842928199-3828368821-3855924236-1000UA.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 22:17]
    .
    2012-09-01 c:\windows\Tasks\next.job
    - c:\programdata\Dimdim\Updater\next.exe [2010-09-15 13:52]
    .
    2012-09-02 c:\windows\Tasks\User_Feed_Synchronization-{81C14E2A-C60C-4D39-B62F-A70DA263A555}.job
    - c:\windows\system32\msfeedssync.exe [2011-11-19 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.94.255.12 64.13.115.12
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4af104ef&v=6.103.018.001&I=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-02 12:32
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    ? [3716]
    ? [14348]
    ? [14372]
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-09-02 12:34:41
    ComboFix-quarantined-files.txt 2012-09-02 16:34
    .
    Pre-Run: 87,658,938,368 bytes free
    Post-Run: 105,239,334,912 bytes free
    .
    - - End Of File - - 3A87477D07B53D2DA6B9823F30C73A89
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    Couple things before I paste the logs.
    I noticed default scan was for 30 day aged files. I suppose that was what you wanted.
    I'm surprised that 65% of my RAM is used with virtually nothing open, although Vista is a memory hog.
    Upon quickly eyeballing/viewing the OTL log, this caught my eye
    DRV - File not found.........C:\Users\Alex\AppData\Local\Temp\catchme.sys -- (catchme)

    at the end of the Extras log, from 6/27/2010 an error suggesting BIOS upgrade. I really hate to *#*! with it if I don't have to...
    Also, I know I need to upgrade Vista to SP2, I'll do it after we're done, lol

    Ok, here are the logs ~

    OTL logfile created on: 9/3/2012 6:28:58 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Alex\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.34% Memory free
    4.22 Gb Paging File | 2.60 Gb Available in Paging File | 61.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.39 Gb Total Space | 94.31 Gb Free Space | 52.87% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/03 06:25:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2012/09/02 13:57:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/09/02 13:57:22 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2012/08/26 23:11:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    PRC - [2012/07/22 20:04:56 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/07/12 23:50:06 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/11/22 12:37:54 | 000,120,664 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
    PRC - [2011/11/22 12:37:48 | 000,124,760 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
    PRC - [2011/11/22 12:37:48 | 000,108,376 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    PRC - [2011/11/22 12:37:48 | 000,059,224 | ---- | M] (ClearwireCM) -- C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
    PRC - [2011/03/29 14:10:00 | 000,407,552 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/16 17:44:44 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/01/16 15:49:26 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2007/10/10 20:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2007/09/20 14:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2007/09/05 12:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/08/15 00:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2007/06/08 08:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2007/06/08 08:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2007/06/08 08:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2007/01/30 11:37:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbmcoms.exe
    PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/02 14:00:59 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/09/02 14:00:59 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/08/26 23:11:05 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
    MOD - [2012/07/22 20:04:56 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/11/22 12:37:06 | 000,452,440 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\libxvi010.dll
    MOD - [2011/11/22 12:37:02 | 000,120,664 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\Pac.dll
    MOD - [2011/11/22 12:36:54 | 000,071,512 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\Eap.dll
    MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2007/09/19 08:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2012/09/02 13:57:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/07/22 20:04:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/11/22 12:37:54 | 000,120,664 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
    SRV - [2011/11/22 12:37:48 | 000,124,760 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
    SRV - [2011/11/22 12:37:48 | 000,108,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
    SRV - [2011/03/29 14:10:00 | 000,407,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
    SRV - [2009/08/23 22:21:36 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Alex\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/29 15:18:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/16 15:49:26 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2007/09/29 01:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2007/09/23 14:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2007/09/20 22:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2007/09/05 12:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2007/08/28 20:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2007/08/28 20:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2007/08/15 00:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2007/08/09 03:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
    SRV - [2007/08/09 03:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
    SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
    SRV - [2007/08/09 03:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
    SRV - [2007/07/27 19:29:50 | 003,504,440 | ---- | M] (Webroot Software, Inc.) [Auto | Stopped] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/06/28 12:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2007/06/28 12:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2007/05/24 10:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/01/30 11:37:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbmcoms.exe -- (lxbm_device)
    SRV - [2007/01/10 19:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/12/14 06:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 06:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 05:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Alex\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/02 13:57:20 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2012/09/02 13:57:19 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/10/17 11:05:06 | 000,340,992 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
    DRV - [2011/10/17 11:03:12 | 000,048,768 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
    DRV - [2010/08/05 07:55:24 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2010/07/08 00:50:44 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/03/28 09:38:00 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
    DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
    DRV - [2007/09/19 17:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2007/09/19 08:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/18 23:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/07/27 19:28:28 | 000,020,792 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/07/27 19:28:26 | 000,144,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (SSIDRV)
    DRV - [2007/07/27 19:28:24 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (SSHRMD)
    DRV - [2007/07/27 19:28:24 | 000,020,280 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SSFS0509.sys -- (SSFS0509)
    DRV - [2007/06/08 08:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/05 08:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/05/24 20:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2005/11/01 04:12:12 | 000,048,896 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0536541C-BFBB-4A68-A4F8-5D39EDB7D65D}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\SearchScopes\{0536541C-BFBB-4A68-A4F8-5D39EDB7D65D}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4af1...&q={searchTerms}&lng={language}&iy=b&ychte=us
    IE - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4af104ef&v=6.103.018.001&I=23&tp=ab&iy=&ychte=us&lng=en-US&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@dimdim.com/DimdimPlugin: C:\Program Files\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Alex\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/16 15:33:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 13:50:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 20:04:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 00:00:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Alex\AppData\Roaming\Move Networks [2009/09/28 21:37:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 20:04:57 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 00:00:33 | 000,000,000 | ---D | M]

    [2009/07/19 16:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2009/01/02 21:19:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\extensions
    [2009/01/02 21:19:16 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2012/05/20 02:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\extensions
    [2012/05/20 02:42:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/26 14:53:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\extensions\engine@conduit.com
    [2012/07/06 13:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/07 11:06:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/07/02 13:50:34 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/07/22 20:04:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/10/07 09:46:27 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/02 12:32:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 4.0\resources\en-us\local\search.html ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.94.255.12 64.13.115.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DBCD64C-609C-44A3-AE3A-D6882C43B115}: DhcpNameServer = 75.94.255.12 64.13.115.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188}: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD50A76B-EC61-4035-8AB4-8FDB5850BC27}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O34 - HKLM BootExecute: (SsiEfr.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/03 06:25:45 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/09/02 14:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/02 12:34:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/02 12:34:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/02 12:34:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
    [2012/09/02 12:17:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/02 12:17:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/02 12:17:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/02 12:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/02 12:16:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/02 11:16:57 | 004,742,930 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2012/09/02 11:13:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\TechSpotPgms
    [2012/08/31 07:03:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\TechSpotLogs
    [2012/08/29 04:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Music
    [2012/08/23 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Colonial
    [2012/08/21 00:54:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Colonial CBTs
    [2 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/03 06:34:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81C14E2A-C60C-4D39-B62F-A70DA263A555}.job
    [2012/09/03 06:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842928199-3828368821-3855924236-1000UA.job
    [2012/09/03 06:25:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/09/03 06:18:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/03 06:18:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/03 06:18:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/03 04:55:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/02 18:06:55 | 000,247,364 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/09/02 18:00:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\next.job
    [2012/09/02 13:59:31 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/02 13:59:20 | 000,000,104 | ---- | M] () -- C:\SBCurrentSetting.xml
    [2012/09/02 13:59:12 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/02 12:32:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/02 12:15:55 | 004,742,930 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2012/09/02 08:23:49 | 093,535,809 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/09/01 06:37:32 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/08/30 23:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842928199-3828368821-3855924236-1000Core.job
    [2012/08/07 22:33:39 | 264,804,640 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/02 12:17:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/02 12:17:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/02 12:17:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/02 12:17:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/02 12:17:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/01 06:37:32 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/08/07 23:01:01 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/08 13:51:39 | 000,000,238 | ---- | C] () -- C:\Windows\System32\initparams.ini
    [2011/10/17 10:56:58 | 001,902,872 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
    [2010/10/30 18:27:36 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2010/10/07 11:08:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/07/20 14:19:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/11/14 02:58:25 | 000,041,472 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/13 16:09:59 | 000,002,010 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2011/09/28 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVG2012
    [2010/10/07 11:59:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\dimdim
    [2009/01/02 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Foxit
    [2009/07/09 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InterVideo
    [2009/10/14 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mikogo
    [2011/01/19 01:30:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless
    [2008/11/13 16:10:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
    [2009/07/19 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
    [2011/09/28 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\backup\AppData\Roaming\AVG2012
    [2010/10/12 01:58:31 | 000,000,000 | ---D | M] -- C:\Users\backup\AppData\Roaming\dimdim
    [2012/09/02 18:00:00 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\next.job
    [2012/09/02 13:58:08 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/09/03 06:34:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81C14E2A-C60C-4D39-B62F-A70DA263A555}.job

    ========== Purity Check ==========

    < End of report >
     
  10. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    [Extras log]

    OTL Extras logfile created on: 9/3/2012 6:28:58 AM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Alex\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.34% Memory free
    4.22 Gb Paging File | 2.60 Gb Available in Paging File | 61.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.39 Gb Total Space | 94.31 Gb Free Space | 52.87% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2D373856-02C0-4972-AB74-B786B4E65846}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3F847B2F-C6BF-46C3-B2EF-58F26EA637BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4EBC5ED0-7CE5-4E1E-A082-48A4DC0C2E16}" = lport=139 | protocol=6 | dir=in | app=system |
    "{783F7DA5-66A4-4823-885F-EEFC70A1D5C2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7F483ACB-96B9-484E-A952-7288AE90E48E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A2FA3FDC-32DA-4C94-93AE-C945D8F76B6A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AA51938A-A7B8-4394-B08A-3A451AF63D5E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{ADC5A40F-91A2-4B90-8DC0-D263C5A9910A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B99422E3-DA3E-4EDE-AA56-614F7A1E77D7}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DA13F3AF-B034-4524-BBAB-6A3AE3FDE474}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07DE3CB9-B52A-4F43-A76A-BA5EBB4706A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0B0E8684-F13F-4859-A0B0-BCE32DF709A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{1DB37B32-FC6C-4858-984F-709C9308C495}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{28D19C53-6FFD-414F-940C-8FE8ECC49683}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{372EF777-3BDD-4DE2-BFF3-5E2C6C9BA4E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{474C9545-9248-4F11-804A-BD0EC5BDFD3C}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{4BA1D4CD-303F-4D7D-9DC8-98624FBC27C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{57426FA8-1C80-4B1D-8CCB-70924BF02D9B}" = dir=in | app=c:\program files\dimdim\plugin\application\myscreen.exe |
    "{57AB0698-85A6-4E1F-A749-249EE464E496}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{587DFB2B-C494-44E8-833D-D0EEECD493E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5B1B4297-694E-4360-8C79-927AE28D258B}" = protocol=17 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
    "{6375F3C7-069F-4F3A-82B4-353AD0B0F640}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{65B47238-451A-4D12-BC3A-EBDD9B78469B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{6A8265E5-A223-416C-A0CD-87280445C671}" = dir=in | app=c:\programdata\dimdim\updater\next.exe |
    "{82A2A7A8-1849-4C74-8FEC-C5820B0F4290}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{93E134B5-32DE-4ED5-B635-F257B20BE476}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
    "{95D78D7D-FD2F-49B9-B61D-AFEBDD5490DF}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
    "{97C2B95A-1A20-44D2-B54E-D9093129EBB5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{9B933B38-236E-40EC-9F6C-17B264E4B221}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{A0792E51-C077-410A-87CA-70D8BF413C25}" = protocol=6 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
    "{A120F0B8-5DDD-4C31-9C37-909C6FEA1DCD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{A19DCCF0-3113-48E9-9949-084CF6DA0557}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A84175F0-AD65-429A-84DB-D11A23822C9E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{A89ED8C7-6D36-46AF-9BC6-CC6EBB524E15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A96C4DCB-DA42-4102-8C34-4164492914E4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{B7AC45D8-FC12-4504-9DE2-EF64C05651A0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{B97E86D9-9D4C-45AA-86CA-A921B10E767A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BD130360-2996-40F8-98A8-E35341B60A03}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CC4E7708-5FEF-47EE-AF78-57A5A1465440}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{CD181B62-3DC2-4609-B8A0-4836420BC420}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{CED79387-9CFC-4D21-BEFA-5C187CAEF7C8}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
    "{D2E29B02-C0EF-4947-8A5E-9E6D29066999}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{D8F048A5-BAAC-4C1B-84E2-55DFB95E8DA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DD56C7C3-C6B1-467F-B99A-E23CCCFFC168}" = dir=in | app=c:\program files\dimdim\plugin\application\dimdim.exe |
    "{DF18D14F-AC06-4087-A705-A298CF4A2A07}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{E040F1E9-C9EA-4713-BB1B-D4A5D3FE1180}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{E31FA20B-5F9B-4878-AB94-0324087FB42B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{F2E063CC-BC2A-4743-AE7D-B0C1AB0FE374}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{FC02D9E5-4A8B-4F43-9484-F08CDEAB6E89}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{FEF24B41-EB69-4FDE-AF58-5A93AE7343D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "TCP Query User{1FA9142E-4F37-4E77-9485-1EC1EEB67E66}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
    "TCP Query User{43C05E0F-8E83-4240-812E-F9EC045394C7}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{7560B601-28B8-494A-AF50-C2CB16C93E58}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{B3DF6BED-7F19-4AA4-855A-09413185C804}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{BBF98D1D-1858-4E22-99D3-948F6774A6E2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{E8635634-08C6-4508-A0C7-71C3E53BD123}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{2F1573A6-3939-493B-A334-76CDF3EF28FB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{8A818B9D-2F12-4891-A2D6-B777BFC952BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{9E5D454B-D040-4FA5-9663-5350FAF02253}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{A0D9E224-AF08-4D2D-918B-0AB195B977F7}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
    "UDP Query User{CC90A451-4718-4F32-8C25-EAB78433C33E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{E9AE329D-1A3F-44BA-820F-D574B8A6FE85}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
    "{781337AB-FB90-466A-B06A-46F112C95D54}" = CLEAR Connection Manager
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
    "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
    "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
    "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
    "{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
    "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
    "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
    "{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
    "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
    "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
    "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
    "{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.64
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AOL Toolbar 4.0" = AOL Toolbar 4.0
    "Ask Toolbar_is1" = Foxit Toolbar
    "AVG" = AVG 2012
    "AXIS Camera Server Control" = AXIS Camera Server Control
    "CDisplay_is1" = CDisplay 1.8
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
    "Foxit Reader" = Foxit Reader
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "Loki ActiveX Control" = Loki ActiveX Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mikogo" = Mikogo
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
    "VAIO Service Utility" = VAIO Service Utility
    "VLC media player" = VLC media player 1.0.0
    "WebMeeting Plug-in" = WebMeeting Plug-in
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3842928199-3828368821-3855924236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2011 7:03:28 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23051394

    Error - 7/1/2011 7:03:29 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/1/2011 7:03:29 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 23052408

    Error - 7/1/2011 7:03:29 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23052408

    Error - 7/1/2011 7:03:30 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/1/2011 7:03:30 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 23053406

    Error - 7/1/2011 7:03:30 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23053406

    Error - 7/1/2011 7:03:31 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/1/2011 7:03:31 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 23054405

    Error - 7/1/2011 7:03:31 AM | Computer Name = ALEX-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23054405

    [ System Events ]
    Error - 6/19/2010 9:50:26 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/19/2010 10:22:12 PM | Computer Name = Alex-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 001F3C4B512E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/21/2010 7:33:06 PM | Computer Name = Alex-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 001F3C4B512E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/22/2010 2:10:54 AM | Computer Name = Alex-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.138 for the Network Card with network
    address 001F3C4B512E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/22/2010 5:59:47 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 6/22/2010 9:57:32 PM | Computer Name = Alex-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 001F3C4B512E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/23/2010 1:05:35 AM | Computer Name = Alex-PC | Source = DCOM | ID = 10016
    Description =

    Error - 6/23/2010 1:05:35 AM | Computer Name = Alex-PC | Source = DCOM | ID = 10016
    Description =

    Error - 6/23/2010 1:06:09 AM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/27/2010 10:37:19 PM | Computer Name = Alex-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Vista handles RAM in a different way than XP so the above is normal.
    As soon as you start your computer Vista will cache most of available RAM for immediate use whenever needed.
    More info: http://www.codinghorror.com/blog/2006/09/why-does-vista-use-all-my-memory.html

    It's part of Combofix. Nothing to worry about.

    Leave BIOS alone.

    ======================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      [2009/01/02 21:19:16 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      
      :Files
      C:\Program Files\AskBarDis
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
     
  12. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I got busy. I'll try and knock it out tmrw,
    Thanks B
     
  13. Broni

    Broni Malware Annihilator Posts: 47,015   +255

  14. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    Custom Scan/Fix Log...

    All processes killed
    ========== OTL ==========
    Error: No service named CLTNetCnService was found to stop!
    Service\Driver key CLTNetCnService not found.
    File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Folder C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    ========== FILES ==========
    File\Folder C:\Program Files\AskBarDis not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 20794362 bytes
    ->Temporary Internet Files folder emptied: 153447524 bytes
    ->Java cache emptied: 13977226 bytes
    ->FireFox cache emptied: 146821381 bytes
    ->Apple Safari cache emptied: 167077888 bytes
    ->Flash cache emptied: 2083218 bytes

    User: All Users

    User: backup
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 22096954 bytes
    ->Java cache emptied: 28409183 bytes
    ->FireFox cache emptied: 72018996 bytes
    ->Apple Safari cache emptied: 9290752 bytes
    ->Flash cache emptied: 23721 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49693031 bytes
    ->Apple Safari cache emptied: 860160 bytes
    ->Flash cache emptied: 4667 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2868 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 56141 bytes

    Total Files Cleaned = 655.00 mb


    [EMPTYJAVA]

    User: Alex
    ->Java cache emptied: 0 bytes

    User: All Users

    User: backup
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Guest

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: backup
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 09122012_202048

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ______________________________END of OTL

    Security Check results -

    Results of screen317's Security Check version 0.99.50
    Windows Vista Service Pack 1 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spy Sweeper
    SUPERAntiSpyware Free Edition
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java 7 Update 7
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
    _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

    FSS log...
    Farbar Service Scanner Version: 06-08-2012
    Ran by Alex (administrator) on 12-09-2012 at 21:02:13
    Running from "C:\Users\Alex\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll
    [2008-01-20 22:24] - [2008-01-20 22:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

    C:\Windows\system32\Drivers\afd.sys
    [2011-09-05 08:42] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-05-27 03:11] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

    C:\Windows\system32\dnsrslvr.dll
    [2011-05-27 03:09] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

    C:\Windows\system32\mpssvc.dll
    [2008-01-20 22:24] - [2008-01-20 22:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

    C:\Windows\system32\bfe.dll
    [2008-01-20 22:23] - [2008-01-20 22:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe
    [2008-01-20 22:23] - [2008-01-20 22:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

    C:\Windows\system32\wscsvc.dll
    [2008-01-20 22:23] - [2008-01-20 22:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

    C:\Windows\system32\wbem\WMIsvc.dll
    [2008-01-20 22:24] - [2008-01-20 22:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2008-01-20 22:25] - [2008-01-20 22:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

    C:\Windows\system32\es.dll
    [2011-05-27 03:12] - [2008-04-18 01:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

    C:\Windows\system32\cryptsvc.dll
    [2008-01-20 22:24] - [2008-01-20 22:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll
    [2011-05-27 03:11] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



    **** End of log ****
     
  15. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I just ran temp file cleaner, TFC.

    For ESET,
    You want me to check the SCAN ARCHIVES box, do you want me to uncheck REMOVE THREATS FOUND??
     
  16. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Just follow my instructions.
     
  17. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    Finally done, No threats found on the ESET scan.
    I guess we're done. Going forward, I'm guessing it is impractical to run the gamut of tests we did, on a regular basis. Should I stick with AVG for a free anti-virus? or go with Avast? What would you recommend for a paid version? A friend recommended upgrading to paid version of MalwareBytes for real time protection. If I'm using MalwareBytes, should I drop the Super antispyware? Is Google drive safe to use? I just want to figure what I need to run proteced..

    Thanks!
     
  18. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    You'll be fine with either one.

    Getting paid MBAM version is money well spent.

    You still can keep Super and use it for manual occasional scans.

    ===========================

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===============================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.
     
  19. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I encountered an error when I tried to install flash for other browsers (4 mb), after I installed flash for IE (9 mb). It said I was trying to install an older version of flash. Guess I can't install both IE & Firefox??
     
  20. Broni

    Broni Malware Annihilator Posts: 47,015   +255

  21. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    Got a warning from AVG that adwcleaner was a severe threat. Was I supposed to disable AVG?? And then adw suggested that I enable PUP's detection in my antivirus..
     
  22. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    # AdwCleaner v2.002 - Logfile created 09/22/2012 at 19:45:02
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
    # User : Alex - ALEX-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Alex\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\Conduit
    Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\ConduitCommon
    Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\ConduitEngine
    Folder Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\extensions\engine@conduit.com
    Folder Deleted : C:\Users\backup\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\AskBarDis
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AskBarDis
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19088

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\prefs.js

    C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sstgyfix.default\user.js ... Deleted !

    Deleted : user_pref("CT2720081..clientLogIsEnabled", true);
    Deleted : user_pref("CT2720081..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2720081..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2720081.CTID", "CT2720081");
    Deleted : user_pref("CT2720081.CurrentServerDate", "24-6-2011");
    Deleted : user_pref("CT2720081.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2720081.DialogsGetterLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern Daylig[...]
    Deleted : user_pref("CT2720081.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2720081.EMailNotifierPollDate", "Fri Jun 24 2011 08:06:46 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("CT2720081.EnableClickToSearchBox", false);
    Deleted : user_pref("CT2720081.EnableSearchHistory", false);
    Deleted : user_pref("CT2720081.EnableSearchSuggest", false);
    Deleted : user_pref("CT2720081.FeedLastCount129248891425073064", 189);
    Deleted : user_pref("CT2720081.FeedPollDate129225116238185771", "Fri Jun 24 2011 08:01:45 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("CT2720081.FeedPollDate129225147492879732", "Fri Jun 24 2011 08:01:45 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("CT2720081.FeedPollDate129245643951202078", "Fri Jun 24 2011 08:01:45 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("CT2720081.FeedPollDate129245643951202084", "Fri Jun 24 2011 08:01:45 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("CT2720081.FeedTTL129225116238185771", 40);
    Deleted : user_pref("CT2720081.FeedTTL129225147492879732", 40);
    Deleted : user_pref("CT2720081.FeedTTL129245643951202078", 40);
    Deleted : user_pref("CT2720081.FeedTTL129245643951202084", 40);
    Deleted : user_pref("CT2720081.FirstServerDate", "27-8-2010");
    Deleted : user_pref("CT2720081.FirstTime", true);
    Deleted : user_pref("CT2720081.FirstTimeFF3", true);
    Deleted : user_pref("CT2720081.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2720081.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2720081.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2720081.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2720081.Initialize", true);
    Deleted : user_pref("CT2720081.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2720081.InstallationAndCookieDataSentCount", 2);
    Deleted : user_pref("CT2720081.InstallationType", "UnknownIntegration");
    Deleted : user_pref("CT2720081.InstalledDate", "Fri Aug 27 2010 14:37:47 GMT-0400 (Eastern Daylight Time)");
    Deleted : user_pref("CT2720081.InvalidateCache", false);
    Deleted : user_pref("CT2720081.IsAlertDBUpdated", true);
    Deleted : user_pref("CT2720081.IsGrouping", false);
    Deleted : user_pref("CT2720081.IsMulticommunity", false);
    Deleted : user_pref("CT2720081.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2720081.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2720081.LanguagePackLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern Dayligh[...]
    Deleted : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2720081.LastLogin_2.7.2.0", "Fri Aug 27 2010 14:37:48 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2720081.LastLogin_3.5.0.12", "Fri Jun 24 2011 08:01:46 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2720081.LatestVersion", "3.3.3.2");
    Deleted : user_pref("CT2720081.Locale", "en");
    Deleted : user_pref("CT2720081.LoginCache", 4);
    Deleted : user_pref("CT2720081.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2720081.MCDetectTooltipShow", false);
    Deleted : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2720081.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2720081.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2720081.RadioIsPodcast", false);
    Deleted : user_pref("CT2720081.RadioLastCheckTime", "Fri Jun 24 2011 08:01:45 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2720081.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
    Deleted : user_pref("CT2720081.RadioMediaID", "21079850");
    Deleted : user_pref("CT2720081.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
    Deleted : user_pref("CT2720081.RadioShrinkedFromSetup", false);
    Deleted : user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
    Deleted : user_pref("CT2720081.RadioStationURL", "hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=[...]
    Deleted : user_pref("CT2720081.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2720081.SearchBackToDefaultEngine", false);
    Deleted : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2720081.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
    Deleted : user_pref("CT2720081.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern Dayli[...]
    Deleted : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2720081.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2720081.ServiceMapLastCheckTime", "Fri Jun 24 2011 08:01:44 GMT-0400 (Eastern Daylight [...]
    Deleted : user_pref("CT2720081.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2720081.SettingsLastCheckTime", "Fri Jun 24 2011 08:01:44 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("CT2720081.SettingsLastUpdate", "1307989481");
    Deleted : user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Fri Jun 24 2011 08:01:44 GMT-0400 (Eastern Day[...]
    Deleted : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2720081.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2720081.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2720081");
    Deleted : user_pref("CT2720081.UserID", "UN35759742855523013");
    Deleted : user_pref("CT2720081.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2720081.WeatherNetwork", "");
    Deleted : user_pref("CT2720081.WeatherPollDate", "Fri Jun 24 2011 08:02:09 GMT-0400 (Eastern Daylight Time)");
    Deleted : user_pref("CT2720081.WeatherUnit", "C");
    Deleted : user_pref("CT2720081.alertChannelId", "1112366");
    Deleted : user_pref("CT2720081.approveUntrustedApps", false);
    Deleted : user_pref("CT2720081.backendstorage.ct2720081ads1", "25374225323261647325323225334125354225374225323[...]
    Deleted : user_pref("CT2720081.backendstorage.ct2720081current_term", "");
    Deleted : user_pref("CT2720081.backendstorage.ct2720081sdate", "3234");
    Deleted : user_pref("CT2720081.backendstorage.hxxp://api16_thetrafficstat_net.pid2", "313063636336636666613162[...]
    Deleted : user_pref("CT2720081.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "313063636336636666613162[...]
    Deleted : user_pref("CT2720081.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "313063636336636666613162[...]
    Deleted : user_pref("CT2720081.clientLogIsEnabled", false);
    Deleted : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2720081.components.1000034", false);
    Deleted : user_pref("CT2720081.components.1000082", false);
    Deleted : user_pref("CT2720081.components.1000234", false);
    Deleted : user_pref("CT2720081.components.129248875812655100", false);
    Deleted : user_pref("CT2720081.components.129248877724530829", false);
    Deleted : user_pref("CT2720081.components.129248890913197855", false);
    Deleted : user_pref("CT2720081.components.129248891425073064", false);
    Deleted : user_pref("CT2720081.components.129248891798510728", false);
    Deleted : user_pref("CT2720081.components.129248892232416767", false);
    Deleted : user_pref("CT2720081.components.129319739420043910", false);
    Deleted : user_pref("CT2720081.components.129326609897400864", false);
    Deleted : user_pref("CT2720081.components.129380094189393863", false);
    Deleted : user_pref("CT2720081.components.129484577924557236", false);
    Deleted : user_pref("CT2720081.components.4221156542888680494", false);
    Deleted : user_pref("CT2720081.components.5325145384281180184", false);
    Deleted : user_pref("CT2720081.components.5611289133187350459", false);
    Deleted : user_pref("CT2720081.components.5839507107235391905", false);
    Deleted : user_pref("CT2720081.components.6848626366586256370", false);
    Deleted : user_pref("CT2720081.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
    Deleted : user_pref("CT2720081.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern [...]
    Deleted : user_pref("CT2720081.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2720081.initDone", true);
    Deleted : user_pref("CT2720081.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2720081.isFirstRadioInstallation", false);
    Deleted : user_pref("CT2720081.myStuffEnabled", true);
    Deleted : user_pref("CT2720081.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2720081.oldAppsList", "129246060025636489,129246060025636490,111,4221156542888680494,12[...]
    Deleted : user_pref("CT2720081.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2720081.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2720081.testingCtid", "");
    Deleted : user_pref("CT2720081.toolbarAppMetaDataLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CT2720081.toolbarContextMenuLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2720081.usageEnabled", false);
    Deleted : user_pref("CT2720081.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1112366/1108070/US", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2720081", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2720081",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2720081/CT2720081[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"9bbc58e34871052ccea[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/2557521.xml", "\"f02f378dee1e741df03e[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"988aaa1a6ca72b8fe9cb9[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/807095.xml", "\"b66155b14b5234ab7004d[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alex\\AppData\\Roaming\\Mozilla\\Fi[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2720081,ConduitEngine");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2720081");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Mar 26 2011 14:54:02 GMT-04[...]
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 17 2011 00:32:13 GMT-0400 (Easte[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 23 2011 23:45:50 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "a291d762-2251-4294-91e1-dccb59c2e812");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jun 24 2011 08:01:47 GMT-0400 (Eas[...]
    Deleted : user_pref("CommunityToolbar.globalUserId", "df1d7fe8-564d-4b1a-bf87-271ff69a7cc2");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 24 2011 08:02:1[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 24 2011 08:02:23 GMT-040[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 24 2011 08:02:08 GMT-0400 (E[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "4a88d73d-a3e1-4f4d-9bdc-051dff535b25");
    Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Fri Jun 24 2011 08:01:48 GMT-0400[...]
    Deleted : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Fri Jun 24 2011 08:01:48 GMT-0400 [...]
    Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Fri Jun 24 2011 08:01:48 GMT-0400 ([...]
    Deleted : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Fri Jun 24 2011 08:01:48 GMT-0400 ([...]
    Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue May 17 2011 00:32:49 GMT-0400 (Eastern Dayl[...]
    Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
    Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 22 2011 07:24:25 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 21");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Mar 27 2011 03:29:42 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon May 23 2011 23:45:50 GMT-0400 (Eastern Day[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon May 23 2011 23:45:50 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon May 23 2011 23:45:50 GMT-0400 (Eastern Dayligh[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN67181105407504962");
    Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon May 23 2011 23:45:50 GMT-0400 (Easte[...]
    Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon May 23 2011 23:45:50 GMT-0400 (East[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

    Profile name : default
    File : C:\Users\backup\AppData\Roaming\Mozilla\Firefox\Profiles\n9gkz65y.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [23664 octets] - [22/09/2012 19:45:02]

    ########## EOF - C:\AdwCleaner[S1].txt - [23725 octets] ##########
     
  23. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Yes, it's safe program.
    One of the reasons I don't like AVG is its oversensitivity.
     
  24. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I went to that link you sent me. I'm not really clear on which one to run to get the flash (plug in) for Firefox. It seems Flash, "freaks out", no matter what .exe I try, since the 11.4 was already installed for IE..
     
  25. AlexKent

    AlexKent TS Rookie Topic Starter Posts: 21

    I'm getting ready to run the OTL program to clear restore points, but I haven't done the flash for Firefox yet..
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.