TechSpot

Entire system running slow, and eventual blue screen of death

By almualim3
Feb 6, 2012
  1. Right after I got done playing a game the other day, the system started running slowly, and so I decided to run advanced system care to see if there were any registry problems. It eventually got stuck on Trojan.win32 agent. Computer then froze, and the bsod popped up, then proceeded to restart my computer.

    Ever since then, the computer randomly freezes when I restart firefox, and the bsod pops up and restarts it again. I followed all of your instructions, and hope that you guys can help me out. Thanks in advance.

    The logs are as follows:

    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.06.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    ahmed :: AHMED-PC [administrator]

    Protection: Enabled

    2/6/2012 12:50:49 PM
    mbam-log-2012-02-06 (12-50-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205092
    Time elapsed: 12 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    *******************************
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-06 13:12:08
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
    Running: q871qrr4.exe; Driver: C:\Users\ahmed\AppData\Local\Temp\pglorpow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855721E8
    Device \Driver\atapi \Device\Ide\IdePort0 855721E8
    Device \Driver\atapi \Device\Ide\IdePort1 855721E8
    Device \Driver\atapi \Device\Ide\IdePort2 855721E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855721E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 855731E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 855731E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 855731E8
    Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81 865961E8
    Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81Port3Path0Target1Lun0 865961E8
    Device \FileSystem\Ntfs \Ntfs 855761E8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

    Device \FileSystem\fastfat \Fat 8929C1E8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by ahmed at 13:14:40 on 2012-02-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1326 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\PnkBstrA.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\Program Files\AVG\AVG9\avgcfgex.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
    uInternet Settings,ProxyOverride = cdn;*.local
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\055425557494E4F4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F5636666736336 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F574F575962756C6563737F5249344640393 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\34F677669637860275966496 : DhcpNameServer = 192.168.2.1 10.1.10.1
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\84F627375686561646 : DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\B40216E6460214 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8} : DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
    TCP: Interfaces\{7AC1BC10-46E0-4813-B6FA-653093AA5599} : DhcpNameServer = 68.87.69.150 68.87.85.102
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: avgrsstx.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\iitm3sox.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\ahmed\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\users\ahmed\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-11-6 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-6 52872]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-5 15672]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-6 24856]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-6 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-6 29712]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-6 243152]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-17 497496]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
    R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-5 652360]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-5 2253120]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-6 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-11-6 122448]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-11-6 30288]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-11-6 20560]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-5 20464]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-12-4 139880]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-4 15872]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
    S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.21006\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [?]
    S4 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
    S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-17 112592]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
    .
    =============== Created Last 30 ================
    .
    2012-02-06 17:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-02-06 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-02-06 16:33:05 -------- d-----w- c:\programdata\SecTaskMan
    2012-02-06 16:31:10 -------- d-----w- c:\program files\Security Task Manager
    2012-02-06 16:21:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\offreg.dll
    2012-02-06 16:09:38 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b18543be-a806-420f-a48c-10662eec2876}\gapaengine.dll
    2012-02-06 16:09:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\mpengine.dll
    2012-02-06 16:06:47 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-06 16:06:25 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
    2012-02-06 02:46:03 67072 ----a-w- c:\windows\system32\packager.dll
    2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
    2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
    2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
    2012-02-06 02:33:00 -------- d-----w- C:\sh4ldr
    2012-02-06 02:33:00 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-05 23:08:36 -------- d-----w- c:\users\ahmed\appdata\roaming\Malwarebytes
    2012-02-05 23:08:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-05 23:08:26 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-05 23:08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-05 22:48:15 -------- d-----w- C:\ERDNT
    2012-02-05 22:48:12 -------- d-----w- c:\windows\ERUNT
    2012-02-05 22:47:30 -------- d-----w- C:\!FixIEDef
    2012-01-28 13:53:57 -------- d-----w- c:\users\ahmed\appdata\roaming\redsn0w
    2012-01-28 12:51:49 -------- d-----w- C:\sn0wbreeze
    2012-01-28 11:44:46 -------- d-----w- c:\program files\iTunes
    2012-01-28 11:44:46 -------- d-----w- c:\program files\iPod
    2012-01-28 11:41:13 -------- d-----w- c:\program files\Bonjour
    2012-01-25 01:33:13 -------- d-----w- c:\users\ahmed\appdata\local\Spotify
    2012-01-25 01:33:06 -------- d-----w- c:\users\ahmed\appdata\roaming\Spotify
    .
    ==================== Find3M ====================
    .
    2012-02-06 21:05:36 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-18 11:04:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-18 11:03:03 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-12-18 11:03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-18 11:01:51 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-18 11:01:51 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-18 11:01:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-18 11:00:58 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-18 11:00:08 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-18 10:46:18 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-12-18 10:46:17 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-12-18 10:46:17 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-12-18 10:46:17 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-12-18 10:46:14 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-12-18 10:46:14 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-12-18 10:46:14 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-12-18 10:46:14 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-12-18 10:46:14 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-12-18 10:44:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-12-18 10:43:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-12-18 10:43:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-12-18 10:41:48 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-12-18 10:41:21 2616320 ----a-w- c:\windows\explorer.exe
    2011-12-18 10:40:49 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-12-18 10:39:45 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-12-18 10:39:45 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-12-18 10:39:45 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-12-07 06:39:28 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
    2011-12-01 20:48:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-01 06:11:41 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-15 20:30:28 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
    2011-02-16 22:56:04 2290745340 ----a-w- c:\program files\MSSetupv95.exe
    .
    ============= FINISH: 13:16:18.05 ===============
    Thanks again.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Attach.txt part of DDS is missing.

    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Here's the log for aswMBR:

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-06 15:05:06
    -----------------------------
    15:05:06.317 OS Version: Windows 6.1.7601 Service Pack 1
    15:05:06.317 Number of processors: 2 586 0x170A
    15:05:06.321 ComputerName: AHMED-PC UserName: ahmed
    15:08:41.196 Initialize success
    15:09:43.845 AVAST engine defs: 12020601
    15:10:39.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:10:39.055 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
    15:10:39.064 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
    15:10:39.067 Disk 1 Vendor: ( Size: 3781MB BusType: 12
    15:10:39.085 Disk 0 MBR read successfully
    15:10:39.089 Disk 0 MBR scan
    15:10:39.172 Disk 0 Windows 7 default MBR code
    15:10:39.177 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:10:39.233 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    15:10:39.296 Disk 0 scanning sectors +488394752
    15:10:39.406 Disk 0 scanning C:\Windows\system32\drivers
    15:11:04.491 Service scanning
    15:11:05.518 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    15:11:05.970 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    15:11:06.552 Modules scanning
    15:11:18.183 Disk 0 trace - called modules:
    15:11:18.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855721e8]<<
    15:11:18.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e8090]
    15:11:18.221 3 CLASSPNP.SYS[8b79c59e] -> nt!IofCallDriver -> [0x862cc918]
    15:11:18.227 5 ACPI.sys[8b1b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862ca030]
    15:11:18.235 \Driver\atapi[0x862c5f38] -> IRP_MJ_CREATE -> 0x855721e8
    15:11:20.341 AVAST engine scan C:\Windows
    15:11:30.168 AVAST engine scan C:\Windows\system32
    15:18:01.996 AVAST engine scan C:\Windows\system32\drivers
    15:18:35.991 AVAST engine scan C:\Users\ahmed
    15:57:31.579 AVAST engine scan C:\ProgramData
    16:01:31.777 Scan finished successfully
    22:50:39.889 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
    22:50:39.983 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-06 15:05:06
    -----------------------------
    15:05:06.317 OS Version: Windows 6.1.7601 Service Pack 1
    15:05:06.317 Number of processors: 2 586 0x170A
    15:05:06.321 ComputerName: AHMED-PC UserName: ahmed
    15:08:41.196 Initialize success
    15:09:43.845 AVAST engine defs: 12020601
    15:10:39.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:10:39.055 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
    15:10:39.064 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
    15:10:39.067 Disk 1 Vendor: ( Size: 3781MB BusType: 12
    15:10:39.085 Disk 0 MBR read successfully
    15:10:39.089 Disk 0 MBR scan
    15:10:39.172 Disk 0 Windows 7 default MBR code
    15:10:39.177 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:10:39.233 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    15:10:39.296 Disk 0 scanning sectors +488394752
    15:10:39.406 Disk 0 scanning C:\Windows\system32\drivers
    15:11:04.491 Service scanning
    15:11:05.518 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    15:11:05.970 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    15:11:06.552 Modules scanning
    15:11:18.183 Disk 0 trace - called modules:
    15:11:18.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855721e8]<<
    15:11:18.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e8090]
    15:11:18.221 3 CLASSPNP.SYS[8b79c59e] -> nt!IofCallDriver -> [0x862cc918]
    15:11:18.227 5 ACPI.sys[8b1b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862ca030]
    15:11:18.235 \Driver\atapi[0x862c5f38] -> IRP_MJ_CREATE -> 0x855721e8
    15:11:20.341 AVAST engine scan C:\Windows
    15:11:30.168 AVAST engine scan C:\Windows\system32
    15:18:01.996 AVAST engine scan C:\Windows\system32\drivers
    15:18:35.991 AVAST engine scan C:\Users\ahmed
    15:57:31.579 AVAST engine scan C:\ProgramData
    16:01:31.777 Scan finished successfully
    22:50:39.889 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
    22:50:39.983 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"
    22:50:56.016 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
    22:50:56.023 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"


    *******************


    Here's the log for boot_cleaner:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32
    -bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    Thanks again for all of your help.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    [​IMG]

    Did you uninstall one of your AV programs?
     
  5. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Yes, I did. Here's the Attatch.DDS.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/6/2009 7:30:51 PM
    System Uptime: 2/6/2012 11:43:18 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | N80Vb
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Socket 478 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 8.631 GiB free.
    D: is CDROM ()
    E: is Removable
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: WPD FileSystem Volume Driver
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_03&OID_5344&PID_SD04G&REV_8.0#5&1828C44C&0&0#
    Manufacturer: Microsoft
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_03&OID_5344&PID_SD04G&REV_8.0#5&1828C44C&0&0#
    Service: WUDFRd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslcdd28582
    Device ID: ROOT\LEGACY_MPKSLCDD28582\0000
    Manufacturer:
    Name: MpKslcdd28582
    PNP Device ID: ROOT\LEGACY_MPKSLCDD28582\0000
    Service: MpKslcdd28582
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.4
    Adobe Shockwave Player 11.5
    Advanced SystemCare 5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aptana Studio 3
    Ask Toolbar
    Audacity 1.2.6
    Audio Video To Wav Converter version 1.21
    AVG 9.0
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    BitTornado 0.3.18
    Bonjour
    Browser Defender 2.0.6.11
    Burn4Free CD and DVD
    Call of Duty: Black Ops - Multiplayer
    CCleaner
    CDisplay 1.8
    Comcast High-Speed Internet Install Wizard
    Conduit Engine
    ConvertHelper 2.2
    Cool FLAC To MP3 Converter 1.0
    D3DX10
    DAEMON Tools Lite
    DC Universe Online Live
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DEVIL MAY CRY 4
    DriverTuner 3.0.1.0
    Dropbox
    Dual-Core Optimizer
    EAX Unified
    Fable III
    Facebook Plug-In
    Fences
    FLAC 1.2.1b (remove only)
    FreeArc 0.666
    GamersFirst LIVE!
    GameXN GO
    Google Chrome
    Google Earth
    Google Update Helper
    Half-Life 2 [DiGiTALZoNE]
    Homeworld2
    ijji REACTOR
    InfraRecorder
    inSSIDer
    iPhone Explorer 2.101
    iPhoneBrowser
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    LAME v3.98.2 for Audacity
    LastPass (uninstall only)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Media Player Codec Pack 3.9.2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended Beta 2
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 Beta English
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MobileMe Control Panel
    Mozilla Firefox 10.0 (x86 en-US)
    MSVCRT
    Network Stumbler 0.4.0 (remove only)
    Nexon Game Manager
    Nmap 5.59BETA1
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA Graphics Driver 285.62
    NVIDIA HD Audio Driver 1.2.24.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    Octoshape add-in for Adobe Flash Player
    OpenAL
    OpenOffice.org 3.1
    Pando Media Booster
    PCSX2 - Playstation 2 Emulator
    PeerBlock 1.0+ (r484)
    Portal 2
    PunkBuster Services
    PVSonyDll
    QuickTime
    Reason 5.0
    ResumeMaker Professional
    Revo Uninstaller Pro 2.5.3
    Search Settings v1.2.3
    Security Task Manager 1.7
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Service Pack 2 for SQL Server 2008 (KB2285068)
    Skype Click to Call
    Skype™ 5.5
    Smart Defrag 2
    Software Informer 1.0 BETA
    Spotify
    Spybot - Search & Destroy
    SpyHunter
    SQL Server 2008 R2 Management Objects
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    StartNow Toolbar
    Steam
    System Requirements Lab CYRI
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    uTorrentBar Toolbar
    Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
    VLC media player 1.0.5
    VST Bridge 1.1
    Vuze_Remote Toolbar
    Web Deployment Tool
    WebEx Support Manager for Internet Explorer
    WinDirStat 1.1.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinPcap 4.1.2
    WinRAR archiver
    Wondershare Video to DVD Burner(Build 2.5.1.10)
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/6/2012 8:55:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    2/6/2012 8:52:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/6/2012 8:45:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/6/2012 7:03:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    2/6/2012 7:02:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/6/2012 12:09:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    2/6/2012 12:03:10 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/6/2012 12:00:10 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
    2/6/2012 11:46:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/6/2012 11:45:27 AM, Error: Service Control Manager [7022] - The AVG9IDSAgent service hung on starting.
    2/6/2012 11:43:57 AM, Error: volmgr [46] - Crash dump initialization failed!
    2/6/2012 11:38:07 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    2/6/2012 1:01:14 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    2/5/2012 2:54:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/5/2012 2:44:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/5/2012 2:36:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    2/5/2012 2:36:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/5/2012 2:33:33 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/5/2012 2:28:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    2/5/2012 2:28:19 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/5/2012 2:21:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/5/2012 2:21:08 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/5/2012 2:20:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/5/2012 2:19:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    2/5/2012 2:19:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-0 is not functioning.
    2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-1 is not functioning.
    2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-0 is not functioning.
    2/2/2012 12:41:31 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-1 is not functioning.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Here's the Combofix log:

    ComboFix 12-02-07.01 - ahmed 02/07/2012 10:52:58.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1693 [GMT -8:00]
    Running from: c:\users\ahmed\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Search Settings
    c:\program files\Search Settings\FF\chrome.manifest
    c:\program files\Search Settings\FF\chrome\content\plugin.js
    c:\program files\Search Settings\FF\chrome\content\plugin.xul
    c:\program files\Search Settings\FF\chrome\content\protection.js
    c:\program files\Search Settings\FF\chrome\content\utils.js
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
    c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
    c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
    c:\program files\Search Settings\FF\install.rdf
    c:\program files\Search Settings\SearchSettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\ReactivateFF.exe
    c:\program files\StartNow Toolbar\ReactivateIE.exe
    c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
    c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\separator.png
    c:\program files\StartNow Toolbar\Resources\images\splitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarBroker.exe
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\users\ahmed\AppData\Local\TempDIR
    c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\AppName.txt
    c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\Channel.txt
    c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
    c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
    c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\windows\system32\tmp85D2.tmp
    c:\windows\system32\tmp85E2.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-07 19:03 . 2012-02-07 19:07 -------- d-----w- c:\users\ahmed\AppData\Local\temp
    2012-02-07 19:03 . 2012-02-07 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-02-07 19:03 . 2012-02-07 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-07 18:32 . 2012-02-07 18:32 -------- d-----w- C:\found.000
    2012-02-07 16:16 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-07 16:16 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84011A28-2522-4294-9954-1F6926A1468B}\mpengine.dll
    2012-02-06 17:22 . 2012-02-06 20:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-02-06 17:22 . 2012-02-06 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-02-06 16:33 . 2012-02-06 17:01 -------- d-----w- c:\programdata\SecTaskMan
    2012-02-06 16:31 . 2012-02-06 16:33 -------- d-----w- c:\program files\Security Task Manager
    2012-02-06 16:09 . 2012-02-06 16:09 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B18543BE-A806-420F-A48C-10662EEC2876}\gapaengine.dll
    2012-02-06 16:06 . 2012-02-06 16:07 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-06 16:06 . 2012-02-06 16:07 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
    2012-02-06 02:46 . 2012-02-06 02:46 67072 ----a-w- c:\windows\system32\packager.dll
    2012-02-06 02:33 . 2012-02-06 02:34 -------- d-----w- C:\sh4ldr
    2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
    2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
    2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
    2012-02-06 02:33 . 2012-02-06 02:33 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\users\ahmed\AppData\Roaming\Malwarebytes
    2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-05 23:08 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-05 22:48 . 2012-02-05 22:48 -------- d-----w- C:\ERDNT
    2012-02-05 22:48 . 2012-02-05 22:48 -------- d-----w- c:\windows\ERUNT
    2012-02-05 22:47 . 2012-02-05 22:47 -------- d-----w- C:\!FixIEDef
    2012-01-28 13:53 . 2012-01-28 13:55 -------- d-----w- c:\users\ahmed\AppData\Roaming\redsn0w
    2012-01-28 12:51 . 2012-01-28 13:05 -------- d-----w- C:\sn0wbreeze
    2012-01-28 11:44 . 2012-01-28 11:45 -------- d-----w- c:\program files\iTunes
    2012-01-28 11:44 . 2012-01-28 11:44 -------- d-----w- c:\program files\iPod
    2012-01-28 11:41 . 2012-01-28 11:41 -------- d-----w- c:\program files\Bonjour
    2012-01-25 01:33 . 2012-02-07 18:14 -------- d-----w- c:\users\ahmed\AppData\Local\Spotify
    2012-01-25 01:33 . 2012-02-07 18:20 -------- d-----w- c:\users\ahmed\AppData\Roaming\Spotify
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-07 19:06 . 2011-03-23 02:25 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2012-01-31 12:44 . 2009-11-07 02:39 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-18 11:04 . 2011-12-18 11:04 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-18 11:03 . 2011-12-18 11:03 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-12-18 11:03 . 2011-12-18 11:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-18 11:01 . 2011-12-18 11:01 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-18 11:01 . 2011-12-18 11:01 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-18 11:01 . 2011-12-18 11:01 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-18 11:00 . 2011-12-18 11:00 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-18 11:00 . 2011-12-18 11:00 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-18 10:46 . 2011-12-18 10:46 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-12-18 10:46 . 2011-12-18 10:46 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-12-18 10:46 . 2011-12-18 10:46 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-12-18 10:46 . 2011-12-18 10:46 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-12-18 10:46 . 2011-12-18 10:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-12-18 10:46 . 2011-12-18 10:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-12-18 10:46 . 2011-12-18 10:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-12-18 10:46 . 2011-12-18 10:46 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-12-18 10:46 . 2011-12-18 10:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-12-18 10:45 . 2011-12-18 10:45 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-12-18 10:45 . 2011-12-18 10:45 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-12-18 10:45 . 2011-12-18 10:45 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-12-18 10:45 . 2011-12-18 10:45 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-12-18 10:45 . 2011-12-18 10:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-12-18 10:45 . 2011-12-18 10:45 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-12-18 10:45 . 2011-12-18 10:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-12-18 10:45 . 2011-12-18 10:45 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-12-18 10:45 . 2011-12-18 10:45 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-12-18 10:45 . 2011-12-18 10:45 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-12-18 10:45 . 2011-12-18 10:45 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-12-18 10:45 . 2011-12-18 10:45 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-12-18 10:45 . 2011-12-18 10:45 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-12-18 10:45 . 2011-12-18 10:45 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-12-18 10:45 . 2011-12-18 10:45 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-12-18 10:45 . 2011-12-18 10:45 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-12-18 10:44 . 2011-12-18 10:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-12-18 10:43 . 2011-12-18 10:43 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-12-18 10:43 . 2011-12-18 10:43 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-12-18 10:41 . 2011-12-18 10:41 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-12-18 10:41 . 2011-12-18 10:41 2616320 ----a-w- c:\windows\explorer.exe
    2011-12-18 10:40 . 2011-12-18 10:40 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-12-18 10:39 . 2011-12-18 10:39 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-12-18 10:39 . 2011-12-18 10:39 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-12-18 10:39 . 2011-12-18 10:39 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-12-07 06:39 . 2011-12-07 06:39 10134560 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2011-12-01 20:48 . 2011-12-01 20:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-01 06:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-15 20:30 . 2011-06-15 19:16 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
    2011-02-16 22:56 . 2011-02-16 21:42 2290745340 ----a-w- c:\program files\MSSetupv95.exe
    2012-02-01 14:49 . 2011-05-17 01:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 16:26 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-03-17 22:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-30 620376]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^ahmed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^ahmed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
    2008-07-22 20:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-12-15 00:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-22 01:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
    2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
    2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
    2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-12-19 02:26 135664 ----atw- c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-10-13 17:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
    2009-11-26 02:50 2011205 ----a-w- c:\program files\Software Informer\softinfo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
    2012-01-31 05:16 4009648 ----a-w- c:\users\ahmed\AppData\Roaming\Spotify\spotify.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-09-26 04:59 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-10-21 02:29 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe
    .
    R1 MpKslcdd28582;MpKslcdd28582;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAED03F3-7910-43F1-9986-D695BE75B41D}\MpKslcdd28582.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [x]
    R3 ByakkoDriver;ByakkoDriver;c:\users\ahmed\AppData\Local\Temp\391107236.04-25-2010 [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-06 3482384]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]
    R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
    R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 15672]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-17 375296]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-06-29 35088]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-16 909152]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-16 6114816]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-05 c:\windows\Tasks\Driver Robot.job
    - c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-07 21:53]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 03:12]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 03:12]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000Core.job
    - c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:26]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000UA.job
    - c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
    uInternet Settings,ProxyOverride = cdn;*.local
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    FF - ProfilePath - c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    SafeBoot-rpcnet
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
    MSConfigStartUp-BitTorrent DNA - c:\users\ahmed\Program Files\DNA\btdna.exe
    MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\ahmed\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ByakkoDriver]
    "ImagePath"="\??\c:\users\ahmed\AppData\Local\Temp\391107236.04-25-2010"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1904)
    c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\windows\system32\conhost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-07 11:13:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-07 19:13
    .
    Pre-Run: 14,977,429,504 bytes free
    Post-Run: 14,878,392,320 bytes free
    .
    - - End Of File - - B3EE69B4CDAE63A3B3A8546C072F9D37
    ********************************

    Here's the Rkill log:

    s log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/07/2012 at 11:30:29.
    Operating System: Windows 7 Ultimate


    Processes terminated by Rkill or while it was running:



    Rkill completed on 02/07/2012 at 11:30:36.

    Thank you once again for all of your help!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Which AV program did you uninstall?

    Uninstall Ask Toolbar, typical foistware.
     
  9. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22


    I removed AVG with the link you provided. How do I uninstall Ask Toolbar?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Start>Control Panel>Programs & Features

    Uninstall Advanced SystemCare 5 as well.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Combofix log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Computer is running a lot smoother. No blue screen of death or freezing. Although, firefox seems to still be a bit too slow.

    Here are the logs for OTL:

    OTL logfile created on: 2/7/2012 12:04:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ahmed\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.41% Memory free
    6.00 Gb Paging File | 4.76 Gb Available in Paging File | 79.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 12.16 Gb Free Space | 5.22% Space Free | Partition Type: NTFS
    Drive E: | 3.69 Gb Total Space | 0.79 Gb Free Space | 21.45% Space Free | Partition Type: FAT32

    Computer Name: AHMED-PC | User Name: ahmed | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
    PRC - [2012/01/16 08:26:19 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/18 02:41:21 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 00:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/10/15 00:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
    PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/07/13 17:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
    PRC - [2009/07/13 17:14:24 | 000,660,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator)
    SRV - [2012/01/16 08:26:19 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/04 14:02:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
    SRV - [2010/03/05 19:11:30 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/01/06 08:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/15 00:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/08/11 17:39:53 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2011/07/07 15:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2011/06/28 19:40:54 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
    DRV - [2011/05/24 15:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/13 08:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2010/04/19 18:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/09/15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
    DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
    DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2004/03/23 18:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...3c5f&browser=IE&os=win&os_version=6.1-x86-SP0
    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 B5 14 25 14 73 CB 01 [binary data]
    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
    IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100


    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ahmed\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ahmed\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ahmed\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/12 19:48:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 06:49:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/22 21:35:04 | 000,000,000 | ---D | M]

    [2011/07/20 02:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Extensions
    [2012/02/07 11:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions
    [2012/01/27 06:19:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/01/10 20:15:39 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\https-everywhere@eff.org
    [2012/02/06 09:36:43 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
    [2012/01/28 00:04:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\support@lastpass.com
    [2012/01/02 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/31 11:08:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    () (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IITM3SOX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
    () (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IITM3SOX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/02/01 06:49:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2012/01/16 08:26:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B201EF86-CB45-4A62-BA99-F9C29E658EDF}&mid=5b5d0b40b09e6ceb2bba616682bef8e2-bcc7adc07294cb8b8bc9149e4d859401432896bf&lang=us&ds=AVG&pr=pa&d=2011-12-07 01:19:31&v=10.0.0.7&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ahmed\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/07 11:07:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe ()
    O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8}: DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/07 11:57:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
    [2012/02/07 11:13:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/07 11:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/07 11:03:57 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Local\temp
    [2012/02/07 10:49:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/07 10:49:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/07 10:49:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/07 10:49:24 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/07 10:48:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/07 10:32:29 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/02/07 10:14:00 | 004,398,288 | R--- | C] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
    [2012/02/06 23:03:23 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\ahmed\Desktop\boot_cleaner.exe
    [2012/02/06 09:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/02/06 09:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/02/06 09:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/02/06 08:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/02/06 08:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    [2012/02/06 08:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/02/06 08:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/06 08:06:25 | 000,000,000 | ---D | C] -- C:\c67b696dacb13b001272d49d27b351
    [2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    [2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/02/05 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Malwarebytes
    [2012/02/05 15:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/05 15:08:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/05 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/05 15:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/05 14:48:15 | 000,000,000 | ---D | C] -- C:\ERDNT
    [2012/02/05 14:48:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2012/02/05 14:47:30 | 000,000,000 | ---D | C] -- C:\!FixIEDef
    [2012/02/02 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\ahmed\Desktop\blackops
    [2012/01/31 11:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/01/28 05:53:57 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\redsn0w
    [2012/01/28 04:51:49 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
    [2012/01/28 03:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/28 03:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/28 03:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/28 03:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/01/24 17:33:13 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Local\Spotify
    [2012/01/24 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Spotify
    [2012/01/13 05:04:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Temporary Downloaded Files
    [2011/12/06 22:39:28 | 010,134,560 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
    [2011/06/15 11:16:58 | 2114,968,249 | ---- | C] (Nexon) -- C:\Program Files\DragonNestSetupV02.exe
    [2011/02/16 13:42:20 | 2290,745,340 | ---- | C] (Nexon) -- C:\Program Files\MSSetupv95.exe
    [2009/11/06 20:08:05 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/07 12:06:15 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
    [2012/02/07 12:04:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000UA.job
    [2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
    [2012/02/07 11:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/07 11:28:48 | 001,008,141 | ---- | M] () -- C:\Users\ahmed\Desktop\rkill.scr
    [2012/02/07 11:25:00 | 001,008,141 | ---- | M] () -- C:\Users\ahmed\Desktop\rkill.com
    [2012/02/07 11:07:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/07 11:06:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/07 11:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/07 11:05:25 | 2415,218,688 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/07 10:34:16 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
    [2012/02/07 10:14:29 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
    [2012/02/07 09:52:17 | 092,617,641 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2012/02/07 08:01:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/07 08:01:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/06 22:50:56 | 000,000,512 | ---- | M] () -- C:\Users\ahmed\Desktop\MBR.dat
    [2012/02/06 14:43:50 | 000,000,000 | ---- | M] () -- C:\Users\ahmed\AppData\Local\prvlcl.dat
    [2012/02/06 13:04:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000Core.job
    [2012/02/06 09:23:11 | 000,001,220 | ---- | M] () -- C:\Users\ahmed\Desktop\Spybot - Search & Destroy.lnk
    [2012/02/06 08:57:52 | 000,621,525 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
    [2012/02/06 08:07:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/06 08:07:11 | 000,736,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/06 08:07:11 | 000,150,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/05 18:33:01 | 000,002,246 | ---- | M] () -- C:\Users\ahmed\Desktop\SpyHunter.lnk
    [2012/02/05 15:08:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/05 03:55:01 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    [2012/01/31 11:07:58 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/01/31 09:59:32 | 000,042,768 | ---- | M] () -- C:\Users\ahmed\AppData\Roaming\UserTile.png
    [2012/01/30 02:34:02 | 000,155,782 | ---- | M] () -- C:\Users\ahmed\Desktop\dadad.png
    [2012/01/30 02:18:07 | 000,024,892 | ---- | M] () -- C:\Users\ahmed\Desktop\best night2.png
    [2012/01/30 02:17:57 | 000,199,087 | ---- | M] () -- C:\Users\ahmed\Desktop\best night.png
    [2012/01/30 01:02:50 | 000,136,711 | ---- | M] () -- C:\Users\ahmed\Desktop\best night4.png
    [2012/01/30 00:58:48 | 000,110,937 | ---- | M] () -- C:\Users\ahmed\Desktop\best night5.png
    [2012/01/30 00:55:05 | 000,098,590 | ---- | M] () -- C:\Users\ahmed\Desktop\best night3.png
    [2012/01/28 05:17:31 | 695,452,332 | ---- | M] () -- C:\Users\ahmed\Desktop\sn0wbreeze_iPhone_4-CDMA-4.2.6-8E200.ipsw
    [2012/01/28 03:45:44 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/28 02:16:31 | 000,634,187 | ---- | M] () -- C:\Users\ahmed\Desktop\donkey.png
    [2012/01/24 17:33:07 | 000,001,805 | ---- | M] () -- C:\Users\ahmed\Desktop\Spotify.lnk
    [2012/01/11 21:09:54 | 000,136,065 | ---- | M] () -- C:\Users\ahmed\Desktop\hahahaderp.jpg
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/07 11:28:44 | 001,008,141 | ---- | C] () -- C:\Users\ahmed\Desktop\rkill.scr
    [2012/02/07 11:24:57 | 001,008,141 | ---- | C] () -- C:\Users\ahmed\Desktop\rkill.com
    [2012/02/07 10:49:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/07 10:49:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/07 10:49:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/07 10:49:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/07 10:49:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/07 10:34:16 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
    [2012/02/06 22:50:39 | 000,000,512 | ---- | C] () -- C:\Users\ahmed\Desktop\MBR.dat
     
  12. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Continued:

    [2012/02/06 09:23:11 | 000,001,220 | ---- | C] () -- C:\Users\ahmed\Desktop\Spybot - Search & Destroy.lnk
    [2012/02/06 08:07:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/02/06 08:06:54 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/05 18:33:01 | 000,002,246 | ---- | C] () -- C:\Users\ahmed\Desktop\SpyHunter.lnk
    [2012/02/05 15:08:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/31 11:07:58 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/01/31 09:59:32 | 000,042,768 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\UserTile.png
    [2012/01/30 02:34:00 | 000,155,782 | ---- | C] () -- C:\Users\ahmed\Desktop\dadad.png
    [2012/01/30 00:57:38 | 000,110,937 | ---- | C] () -- C:\Users\ahmed\Desktop\best night5.png
    [2012/01/30 00:56:04 | 000,136,711 | ---- | C] () -- C:\Users\ahmed\Desktop\best night4.png
    [2012/01/30 00:55:05 | 000,098,590 | ---- | C] () -- C:\Users\ahmed\Desktop\best night3.png
    [2012/01/30 00:54:15 | 000,024,892 | ---- | C] () -- C:\Users\ahmed\Desktop\best night2.png
    [2012/01/30 00:53:21 | 000,199,087 | ---- | C] () -- C:\Users\ahmed\Desktop\best night.png
    [2012/01/28 05:16:02 | 695,452,332 | ---- | C] () -- C:\Users\ahmed\Desktop\sn0wbreeze_iPhone_4-CDMA-4.2.6-8E200.ipsw
    [2012/01/28 03:45:44 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/28 02:16:30 | 000,634,187 | ---- | C] () -- C:\Users\ahmed\Desktop\donkey.png
    [2012/01/24 17:33:07 | 000,001,805 | ---- | C] () -- C:\Users\ahmed\Desktop\Spotify.lnk
    [2012/01/24 17:33:07 | 000,001,791 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2012/01/11 21:09:54 | 000,136,065 | ---- | C] () -- C:\Users\ahmed\Desktop\hahahaderp.jpg
    [2011/12/18 02:13:12 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
    [2011/12/05 06:37:50 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/12/05 06:37:50 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011/06/28 19:40:54 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2011/06/17 03:56:55 | 000,138,056 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\PnkBstrK.sys
    [2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2011/05/31 20:53:21 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/05/04 09:16:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/05/04 09:14:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/24 20:10:22 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2011/03/24 20:10:20 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2010/11/21 19:31:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010/10/02 12:31:56 | 000,065,552 | -HS- | C] () -- C:\ProgramData\GB.bin
    [2010/04/08 18:59:21 | 000,000,140 | ---- | C] () -- C:\Windows\System32\option.sys
    [2010/01/16 07:03:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/12 12:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
    [2010/01/12 12:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/01/12 12:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2010/01/12 12:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2010/01/12 12:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2010/01/12 12:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2010/01/12 12:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2010/01/12 12:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2010/01/12 12:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2010/01/12 12:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2010/01/12 12:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2010/01/12 12:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2010/01/12 12:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2010/01/12 12:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2010/01/12 12:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/01/11 05:05:32 | 000,000,000 | ---- | C] () -- C:\Users\ahmed\AppData\Local\prvlcl.dat
    [2009/12/31 16:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2009/12/31 16:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2009/12/17 15:31:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2009/12/17 15:31:27 | 001,640,400 | ---- | C] () -- C:\Windows\PCTBDCore.dll
    [2009/11/20 05:16:37 | 000,000,017 | ---- | C] () -- C:\Users\ahmed\AppData\Local\resmon.resmoncfg
    [2009/11/14 10:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
    [2009/11/14 10:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
    [2009/11/14 10:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
    [2009/11/14 10:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
    [2009/11/14 10:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
    [2009/11/14 10:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
    [2009/11/14 10:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
    [2009/11/14 10:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
    [2009/11/14 10:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
    [2009/11/14 10:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
    [2009/11/14 10:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
    [2009/11/14 10:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
    [2009/11/14 10:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
    [2009/11/11 03:18:34 | 000,003,584 | ---- | C] () -- C:\Users\ahmed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/07 17:08:39 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/08/11 12:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
    [2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:33:53 | 000,434,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 18:05:48 | 000,736,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 18:05:48 | 000,150,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
    [2008/12/03 14:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
    [2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2003/04/08 19:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
    [2003/04/08 19:28:44 | 000,233,472 | R--- | C] () -- C:\Users\ahmed\AppData\Roaming\MafiaSetup.exe

    ========== LOP Check ==========

    [2009/11/29 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\.BitTornado
    [2010/12/21 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Activision
    [2009/12/06 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\AVG9
    [2011/08/09 12:44:27 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Azureus
    [2011/05/26 16:34:06 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Bioshock
    [2009/11/06 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Blitware
    [2012/02/06 12:49:32 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\DAEMON Tools Lite
    [2012/02/06 08:46:59 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Dropbox
    [2010/06/19 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Facebook
    [2010/08/23 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\fltk.org
    [2011/12/05 01:27:16 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\FreeArc
    [2012/01/04 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\go
    [2011/01/13 20:05:06 | 000,000,000 | -H-D | M] -- C:\Users\ahmed\AppData\Roaming\ijjigame
    [2011/03/02 13:18:31 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Individual Software
    [2010/09/26 18:13:43 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\InfraRecorder
    [2011/12/17 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\IObit
    [2010/03/23 02:49:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\LEAPS
    [2011/05/22 15:52:00 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Lionhead Studios
    [2010/01/16 07:25:23 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\ManyCam
    [2009/11/22 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Nexon
    [2009/11/17 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\OpenOffice.org
    [2010/03/23 02:46:25 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Pegasys Inc
    [2010/01/19 14:44:34 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Petroglyph
    [2011/02/04 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Propellerhead Software
    [2011/03/24 20:10:17 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\PunkBuster
    [2012/01/28 05:55:03 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\redsn0w
    [2011/01/26 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Software Informer
    [2012/02/07 11:59:01 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Spotify
    [2010/04/21 02:58:43 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Stardock
    [2010/04/14 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Stellarium
    [2012/02/01 04:14:40 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\SystemRequirementsLab
    [2010/04/14 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Ubisoft
    [2012/02/06 12:49:32 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\uTorrent
    [2012/02/05 03:55:01 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
    [2012/02/05 14:34:29 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/02/07 10:34:16 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
    [2010/11/03 23:08:33 | 000,000,504 | ---- | M] () -- C:\cmdlog.txt
    [2012/02/07 11:13:45 | 000,040,505 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/02/07 11:05:25 | 2415,218,688 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/12/24 11:21:14 | 000,001,002 | ---- | M] () -- C:\net_save.dna
    [2012/02/07 11:05:37 | 3220,295,680 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/07 11:30:36 | 000,000,357 | ---- | M] () -- C:\rkill.log
    [2011/08/19 19:19:35 | 000,007,186 | ---- | M] () -- C:\shared.log
    [2011/03/15 06:31:30 | 000,000,026 | ---- | M] () -- C:\usm.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/12/21 09:33:44 | 000,000,026 | ---- | M] () -- C:\xml2.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 17:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
    [2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/11/20 04:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/10/17 12:06:11 | 000,001,638 | -HS- | M] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2011/06/15 12:30:28 | 2114,968,249 | ---- | M] (Nexon) -- C:\Program Files\DragonNestSetupV02.exe
    [2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
    [2010/01/14 10:37:26 | 000,000,707 | ---- | M] () -- C:\Program Files\INSTALL.LOG
    [2011/02/16 14:56:04 | 2290,745,340 | ---- | M] (Nexon) -- C:\Program Files\MSSetupv95.exe
    [2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2009/11/06 18:30:29 | 000,001,708 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/06 19:02:28 | 000,000,221 | -HS- | M] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\ahmed\Desktop\boot_cleaner.exe
    [2012/02/07 10:14:29 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
    [2011/02/07 20:32:44 | 005,298,402 | ---- | M] () -- C:\Users\ahmed\Desktop\greenpois0n.exe
    [2011/03/01 13:04:02 | 001,785,743 | ---- | M] (Macroplant, LLC ) -- C:\Users\ahmed\Desktop\iPhone Explorer Setup.exe
    [2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
    [2011/05/06 10:57:24 | 042,271,744 | ---- | M] (iH8sn0w) -- C:\Users\ahmed\Desktop\sn0wbreeze-v2.7r2.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2011/12/06 22:39:28 | 010,134,560 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/12/04 10:07:39 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/12/04 10:07:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/12/01 03:37:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/12/01 03:37:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/12/04 10:07:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/01/04 14:17:04 | 000,000,402 | -HS- | M] () -- C:\Users\ahmed\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/11/07 17:08:40 | 008,673,792 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2008/04/30 18:28:08 | 001,654,869 | ---- | M] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
    [2010/10/02 12:31:56 | 000,065,552 | -HS- | M] () -- C:\ProgramData\GB.bin

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D06A4C76
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  13. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Extras log:

    OTL Extras logfile created on: 2/7/2012 12:04:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ahmed\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.41% Memory free
    6.00 Gb Paging File | 4.76 Gb Available in Paging File | 79.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 12.16 Gb Free Space | 5.22% Space Free | Partition Type: NTFS
    Drive E: | 3.69 Gb Total Space | 0.79 Gb Free Space | 21.45% Space Free | Partition Type: FAT32

    Computer Name: AHMED-PC | User Name: ahmed | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018305}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018306}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018307}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018308}" = Fable III
    "{4D53090A-CE35-42BD-B377-831000018309}" = Fable III
    "{4D53090A-CE35-42BD-B377-83100001830A}" = Fable III
    "{4D53090A-CE35-42BD-B377-83100001830B}" = Fable III
    "{4D53090A-CE35-42BD-B377-83100001830C}" = Fable III
    "{4D53090A-CE35-42BD-B377-83100001830D}" = Fable III
    "{4D53090A-CE35-42BD-B377-83100001830E}" = Fable III
    "{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
    "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
    "{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
    "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.101
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B7CAA1E-D2D2-40E8-8FA4-3B8FCC9B305B}" = inSSIDer
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE65493C-EA18-3458-AA58-EEDB9D671528}" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
    "{D8EA4774-1EB0-45EB-A4F5-E5F2776D328D}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F849775B-F39D-4EDD-A266-1A3E258F0498}" = Microsoft SQL Server Compact 3.5 SP2 Beta English
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Aptana Studio 3" = Aptana Studio 3
    "Audacity_is1" = Audacity 1.2.6
    "Audio Video To Wav Converter_is1" = Audio Video To Wav Converter version 1.21
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BitTornado" = BitTornado 0.3.18
    "Browser Defender_is1" = Browser Defender 2.0.6.11
    "Burn4Free" = Burn4Free CD and DVD
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "conduitEngine" = Conduit Engine
    "Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "EAX Unified" = EAX Unified
    "Fences" = Fences
    "FLAC" = FLAC 1.2.1b (remove only)
    "FreeArc" = FreeArc 0.666
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "Half-Life 2 [DiGiTALZoNE]" = Half-Life 2 [DiGiTALZoNE]
    "Homeworld2" = Homeworld2
    "InfraRecorder" = InfraRecorder
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "Nmap" = Nmap 5.59BETA1
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
    "Postal 2_is1" = Portal 2
    "PunkBusterSvc" = PunkBuster Services
    "Reason5_is1" = Reason 5.0
    "ResumeMaker Professional" = ResumeMaker Professional
    "Security Task Manager" = Security Task Manager 1.7
    "Smart Defrag 2_is1" = Smart Defrag 2
    "Software Informer_is1" = Software Informer 1.0 BETA
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
    "VLC media player" = VLC media player 1.0.5
    "VST Bridge_is1" = VST Bridge 1.1
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "Wondershare Video to DVD Burner_is1" = Wondershare Video to DVD Burner(Build 2.5.1.10)
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In
    "Game Organizer" = GameXN GO
    "Google Chrome" = Google Chrome
    "LastPass" = LastPass (uninstall only)
    "SOE-DC Universe Online Live" = DC Universe Online Live
    "Spotify" = Spotify
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/19/2011 9:56:58 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Program Files\Windows Live\Messenger\uccapi.dll
    for one of the following reasons: there is a problem with the network connection,
    the disk that the file is stored on, or the storage drivers installed on this computer;
    or the disk is missing. Windows closed the program Windows Live Messenger because
    of this error. Program: Windows Live Messenger File: C:\Program Files\Windows Live\Messenger\uccapi.dll

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your
    network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
    type: 3

    Error - 6/22/2011 3:15:41 AM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
    time stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00055b57 Faulting
    process id: 0x518 Faulting application start time: 0x01cc2ed9a93421a1 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 6f351dec-9c9f-11e0-84ec-0023545f22c4

    Error - 6/22/2011 5:01:43 AM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mpc-hc.exe, version: 1.3.1249.0, time stamp:
    0x4a9591c8 Faulting module name: mpc-hc.exe, version: 1.3.1249.0, time stamp: 0x4a9591c8
    Exception
    code: 0xc0000005 Fault offset: 0x0001f023 Faulting process id: 0x5a0 Faulting application
    start time: 0x01cc30b23ae9a086 Faulting application path: C:\Program Files\MPC HomeCinema\mpc-hc.exe
    Faulting
    module path: C:\Program Files\MPC HomeCinema\mpc-hc.exe Report Id: 3f4a4424-9cae-11e0-84ec-0023545f22c4

    Error - 6/23/2011 9:51:29 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: skype.exe, version: 5.3.0.116, time stamp:
    0x4ddea058 Faulting module name: skype.exe, version: 5.3.0.116, time stamp: 0x4ddea058
    Exception
    code: 0xc0000005 Fault offset: 0x005ddd98 Faulting process id: 0x1334 Faulting application
    start time: 0x01cc32112d2f7667 Faulting application path: C:\program files\skype\phone\skype.exe
    Faulting
    module path: C:\program files\skype\phone\skype.exe Report Id: 79dcc53d-9e04-11e0-84ec-0023545f22c4

    Error - 6/28/2011 8:07:22 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 6/29/2011 6:28:26 AM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 6/29/2011 11:19:45 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_IKEEXT, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
    time stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00055d83 Faulting
    process id: 0x4fc Faulting application start time: 0x01cc36471044d049 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: cd49d268-a2c7-11e0-80c2-0023545f22c4

    Error - 6/29/2011 11:31:39 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 6/30/2011 8:37:19 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 7/1/2011 8:08:42 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ System Events ]
    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.


    < End of report >
     
  14. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Also, I have removed advanced system care and the ask toolbar. Thanks for all of the useful info regarding registry cleaners!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
      SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startpa...on=6.1-x86-SP0
      IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/12 19:48:29 | 000,000,000 | ---D | M]
      [2012/01/16 08:26:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      [2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
      CHR - default_search_provider: AVG Secure Search (Enabled)
      CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B201EF86-CB45-4A62-BA99-F9C29E658EDF}&mid=5b5d0b40b09e6ceb2bba616682bef8e2-bcc7adc07294cb8b8bc9149e4d859401432896bf&lang=us&ds=AVG&pr=pa&d=2011-12-07 01:19:31&v=10.0.0.7&sap=dsp&q={searchTerms}
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
      O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
      O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
      O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
      [2009/12/06 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\AVG9
      @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D06A4C76
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      C:\Program Files\AVG Secure Search
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  16. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Made a bit of a mistake after the computer rebooted right after the temp file cleaner. Lost the logs of the previous scans, including the OTL fix. Should I run them all again?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Yes please.
     
  18. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    OTL run fix log:

    All processes killed
    ========== OTL ==========
    No active process named ApplicationUpdater.exe was found!
    Error: No service named Application Updater was found to stop!
    Service\Driver key Application Updater not found.
    File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared not found.
    File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
    File C:\Program Files\mozilla firefox\searchplugins\bing.xml.old not found.
    Unable to fix default_search_provider items.
    Unable to fix default_search_provider items.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    File C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    File C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 not found.
    File C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
    File C:\Program Files\AVG Secure Search\vprot.exe not found.
    Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
    File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll not found.
    Folder C:\Users\ahmed\AppData\Roaming\AVG9\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    Unable to delete ADS C:\ProgramData\TEMP:D06A4C76 .
    Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
    File\Folder C:\Program Files\AVG Secure Search not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ahmed
    ->Temp folder emptied: 1633 bytes
    ->Temporary Internet Files folder emptied: 147518 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 144439416 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 906 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10465 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 138.00 mb


    [EMPTYJAVA]

    User: ahmed
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: ahmed
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02072012_135805

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Security Check Log:

    de Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpyHunter
    Spybot - Search & Destroy
    CCleaner
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  20. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    FSS Log:

    Farbar Service Scanner Version: 05-02-2012
    Ran by ahmed (administrator) on 07-02-2012 at 14:07:21
    Running from "C:\Users\ahmed\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  21. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    ...and Eset....
     
  22. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    It's at 99%. Will post as soon as possible.
     
  23. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    The scanner has found 8 threats, but has been stuck on one file for quite some time. The scanner has been running for 2 hours a 5 minutes, and is stuck at 99%. Is this normal?

    EDIT: It's moving again. Will report if anything changes.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Patience is a virtue :)
     
  25. almualim3

    almualim3 TS Rookie Topic Starter Posts: 22

    Most definitely! So how bad is this infection?

    P.S: I would like to thank you again for all of your help. If you lived close, I'd buy you a beer. You are awesome!

    :grinthumb
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...