Solved Entire system running slow, and eventual blue screen of death

A

almualim3

Posts: 21   +0
Right after I got done playing a game the other day, the system started running slowly, and so I decided to run advanced system care to see if there were any registry problems. It eventually got stuck on Trojan.win32 agent. Computer then froze, and the bsod popped up, then proceeded to restart my computer.

Ever since then, the computer randomly freezes when I restart firefox, and the bsod pops up and restarts it again. I followed all of your instructions, and hope that you guys can help me out. Thanks in advance.

The logs are as follows:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ahmed :: AHMED-PC [administrator]

Protection: Enabled

2/6/2012 12:50:49 PM
mbam-log-2012-02-06 (12-50-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205092
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


*******************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-06 13:12:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: q871qrr4.exe; Driver: C:\Users\ahmed\AppData\Local\Temp\pglorpow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855721E8
Device \Driver\atapi \Device\Ide\IdePort0 855721E8
Device \Driver\atapi \Device\Ide\IdePort1 855721E8
Device \Driver\atapi \Device\Ide\IdePort2 855721E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855721E8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 855731E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81 865961E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81Port3Path0Target1Lun0 865961E8
Device \FileSystem\Ntfs \Ntfs 855761E8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \FileSystem\fastfat \Fat 8929C1E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by ahmed at 13:14:40 on 2012-02-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1326 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = cdn;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\055425557494E4F4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F5636666736336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F574F575962756C6563737F5249344640393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\34F677669637860275966496 : DhcpNameServer = 192.168.2.1 10.1.10.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\84F627375686561646 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\B40216E6460214 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8} : DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
TCP: Interfaces\{7AC1BC10-46E0-4813-B6FA-653093AA5599} : DhcpNameServer = 68.87.69.150 68.87.85.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: avgrsstx.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\iitm3sox.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ahmed\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\ahmed\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-11-6 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-6 52872]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-5 15672]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-6 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-6 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-6 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-6 243152]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-17 497496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-5 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-5 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-6 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-11-6 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-11-6 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-11-6 20560]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-5 20464]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-12-4 139880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-4 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.21006\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [?]
S4 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-17 112592]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2012-02-06 17:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 16:33:05 -------- d-----w- c:\programdata\SecTaskMan
2012-02-06 16:31:10 -------- d-----w- c:\program files\Security Task Manager
2012-02-06 16:21:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\offreg.dll
2012-02-06 16:09:38 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b18543be-a806-420f-a48c-10662eec2876}\gapaengine.dll
2012-02-06 16:09:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\mpengine.dll
2012-02-06 16:06:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-06 16:06:25 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
2012-02-06 02:46:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-02-06 02:33:00 -------- d-----w- C:\sh4ldr
2012-02-06 02:33:00 -------- d-----w- c:\program files\Enigma Software Group
2012-02-05 23:08:36 -------- d-----w- c:\users\ahmed\appdata\roaming\Malwarebytes
2012-02-05 23:08:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 23:08:26 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 23:08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 22:48:15 -------- d-----w- C:\ERDNT
2012-02-05 22:48:12 -------- d-----w- c:\windows\ERUNT
2012-02-05 22:47:30 -------- d-----w- C:\!FixIEDef
2012-01-28 13:53:57 -------- d-----w- c:\users\ahmed\appdata\roaming\redsn0w
2012-01-28 12:51:49 -------- d-----w- C:\sn0wbreeze
2012-01-28 11:44:46 -------- d-----w- c:\program files\iTunes
2012-01-28 11:44:46 -------- d-----w- c:\program files\iPod
2012-01-28 11:41:13 -------- d-----w- c:\program files\Bonjour
2012-01-25 01:33:13 -------- d-----w- c:\users\ahmed\appdata\local\Spotify
2012-01-25 01:33:06 -------- d-----w- c:\users\ahmed\appdata\roaming\Spotify
.
==================== Find3M ====================
.
2012-02-06 21:05:36 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 11:04:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 11:03:03 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-18 11:03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-18 11:01:51 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 11:01:51 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 11:01:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 11:00:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 11:00:08 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 10:46:18 1699328 ----a-w- c:\windows\system32\esent.dll
2011-12-18 10:46:17 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-12-18 10:46:17 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-18 10:46:17 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-18 10:46:14 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-18 10:46:14 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-18 10:46:14 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-18 10:46:14 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-18 10:46:14 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-18 10:44:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-18 10:43:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 10:43:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-18 10:41:48 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-18 10:41:21 2616320 ----a-w- c:\windows\explorer.exe
2011-12-18 10:40:49 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-18 10:39:45 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-18 10:39:45 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-18 10:39:45 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-07 06:39:28 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
2011-12-01 20:48:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 06:11:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-15 20:30:28 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
2011-02-16 22:56:04 2290745340 ----a-w- c:\program files\MSSetupv95.exe
.
============= FINISH: 13:16:18.05 ===============
Thanks again.
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Attach.txt part of DDS is missing.

You're running two AV programs, AVG and MSE.
One of them has to go.
If AVG use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Here's the log for aswMBR:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 15:05:06
-----------------------------
15:05:06.317 OS Version: Windows 6.1.7601 Service Pack 1
15:05:06.317 Number of processors: 2 586 0x170A
15:05:06.321 ComputerName: AHMED-PC UserName: ahmed
15:08:41.196 Initialize success
15:09:43.845 AVAST engine defs: 12020601
15:10:39.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:10:39.055 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
15:10:39.064 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
15:10:39.067 Disk 1 Vendor: ( Size: 3781MB BusType: 12
15:10:39.085 Disk 0 MBR read successfully
15:10:39.089 Disk 0 MBR scan
15:10:39.172 Disk 0 Windows 7 default MBR code
15:10:39.177 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:10:39.233 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
15:10:39.296 Disk 0 scanning sectors +488394752
15:10:39.406 Disk 0 scanning C:\Windows\system32\drivers
15:11:04.491 Service scanning
15:11:05.518 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:11:05.970 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:11:06.552 Modules scanning
15:11:18.183 Disk 0 trace - called modules:
15:11:18.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855721e8]<<
15:11:18.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e8090]
15:11:18.221 3 CLASSPNP.SYS[8b79c59e] -> nt!IofCallDriver -> [0x862cc918]
15:11:18.227 5 ACPI.sys[8b1b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862ca030]
15:11:18.235 \Driver\atapi[0x862c5f38] -> IRP_MJ_CREATE -> 0x855721e8
15:11:20.341 AVAST engine scan C:\Windows
15:11:30.168 AVAST engine scan C:\Windows\system32
15:18:01.996 AVAST engine scan C:\Windows\system32\drivers
15:18:35.991 AVAST engine scan C:\Users\ahmed
15:57:31.579 AVAST engine scan C:\ProgramData
16:01:31.777 Scan finished successfully
22:50:39.889 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
22:50:39.983 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 15:05:06
-----------------------------
15:05:06.317 OS Version: Windows 6.1.7601 Service Pack 1
15:05:06.317 Number of processors: 2 586 0x170A
15:05:06.321 ComputerName: AHMED-PC UserName: ahmed
15:08:41.196 Initialize success
15:09:43.845 AVAST engine defs: 12020601
15:10:39.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:10:39.055 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
15:10:39.064 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
15:10:39.067 Disk 1 Vendor: ( Size: 3781MB BusType: 12
15:10:39.085 Disk 0 MBR read successfully
15:10:39.089 Disk 0 MBR scan
15:10:39.172 Disk 0 Windows 7 default MBR code
15:10:39.177 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:10:39.233 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
15:10:39.296 Disk 0 scanning sectors +488394752
15:10:39.406 Disk 0 scanning C:\Windows\system32\drivers
15:11:04.491 Service scanning
15:11:05.518 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:11:05.970 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:11:06.552 Modules scanning
15:11:18.183 Disk 0 trace - called modules:
15:11:18.208 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855721e8]<<
15:11:18.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e8090]
15:11:18.221 3 CLASSPNP.SYS[8b79c59e] -> nt!IofCallDriver -> [0x862cc918]
15:11:18.227 5 ACPI.sys[8b1b23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862ca030]
15:11:18.235 \Driver\atapi[0x862c5f38] -> IRP_MJ_CREATE -> 0x855721e8
15:11:20.341 AVAST engine scan C:\Windows
15:11:30.168 AVAST engine scan C:\Windows\system32
15:18:01.996 AVAST engine scan C:\Windows\system32\drivers
15:18:35.991 AVAST engine scan C:\Users\ahmed
15:57:31.579 AVAST engine scan C:\ProgramData
16:01:31.777 Scan finished successfully
22:50:39.889 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
22:50:39.983 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"
22:50:56.016 Disk 0 MBR has been saved successfully to "C:\Users\ahmed\Desktop\MBR.dat"
22:50:56.023 The log file has been saved successfully to "C:\Users\ahmed\Desktop\aswMBR1.txt"


*******************


Here's the log for boot_cleaner:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32
-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


Thanks again for all of your help.
 
Broni said:
p4494882.gif


Did you uninstall one of your AV programs?
Click to expand...

Yes, I did. Here's the Attatch.DDS.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2009 7:30:51 PM
System Uptime: 2/6/2012 11:43:18 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N80Vb
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Socket 478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 8.631 GiB free.
D: is CDROM ()
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_03&OID_5344&PID_SD04G&REV_8.0#5&1828C44C&0&0#
Manufacturer: Microsoft
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SD#VID_03&OID_5344&PID_SD04G&REV_8.0#5&1828C44C&0&0#
Service: WUDFRd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslcdd28582
Device ID: ROOT\LEGACY_MPKSLCDD28582\0000
Manufacturer:
Name: MpKslcdd28582
PNP Device ID: ROOT\LEGACY_MPKSLCDD28582\0000
Service: MpKslcdd28582
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Advanced SystemCare 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
Ask Toolbar
Audacity 1.2.6
Audio Video To Wav Converter version 1.21
AVG 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BitTornado 0.3.18
Bonjour
Browser Defender 2.0.6.11
Burn4Free CD and DVD
Call of Duty: Black Ops - Multiplayer
CCleaner
CDisplay 1.8
Comcast High-Speed Internet Install Wizard
Conduit Engine
ConvertHelper 2.2
Cool FLAC To MP3 Converter 1.0
D3DX10
DAEMON Tools Lite
DC Universe Online Live
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DEVIL MAY CRY 4
DriverTuner 3.0.1.0
Dropbox
Dual-Core Optimizer
EAX Unified
Fable III
Facebook Plug-In
Fences
FLAC 1.2.1b (remove only)
FreeArc 0.666
GamersFirst LIVE!
GameXN GO
Google Chrome
Google Earth
Google Update Helper
Half-Life 2 [DiGiTALZoNE]
Homeworld2
ijji REACTOR
InfraRecorder
inSSIDer
iPhone Explorer 2.101
iPhoneBrowser
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LAME v3.98.2 for Audacity
LastPass (uninstall only)
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Classic - Home Cinema v. 1.3.1249.0
Media Player Codec Pack 3.9.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended Beta 2
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 Beta English
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
Network Stumbler 0.4.0 (remove only)
Nexon Game Manager
Nmap 5.59BETA1
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
OpenAL
OpenOffice.org 3.1
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PeerBlock 1.0+ (r484)
Portal 2
PunkBuster Services
PVSonyDll
QuickTime
Reason 5.0
ResumeMaker Professional
Revo Uninstaller Pro 2.5.3
Search Settings v1.2.3
Security Task Manager 1.7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Service Pack 2 for SQL Server 2008 (KB2285068)
Skype Click to Call
Skype™ 5.5
Smart Defrag 2
Software Informer 1.0 BETA
Spotify
Spybot - Search & Destroy
SpyHunter
SQL Server 2008 R2 Management Objects
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
StartNow Toolbar
Steam
System Requirements Lab CYRI
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
uTorrentBar Toolbar
Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
VLC media player 1.0.5
VST Bridge 1.1
Vuze_Remote Toolbar
Web Deployment Tool
WebEx Support Manager for Internet Explorer
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinPcap 4.1.2
WinRAR archiver
Wondershare Video to DVD Burner(Build 2.5.1.10)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
2/6/2012 8:55:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
2/6/2012 8:52:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/6/2012 8:45:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/6/2012 7:03:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
2/6/2012 7:02:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2012 7:01:25 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/6/2012 12:09:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/6/2012 12:03:10 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2/6/2012 12:00:10 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 11:46:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/6/2012 11:45:27 AM, Error: Service Control Manager [7022] - The AVG9IDSAgent service hung on starting.
2/6/2012 11:43:57 AM, Error: volmgr [46] - Crash dump initialization failed!
2/6/2012 11:38:07 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
2/6/2012 1:01:14 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
2/5/2012 2:54:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/5/2012 2:44:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/5/2012 2:36:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
2/5/2012 2:36:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/5/2012 2:34:34 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/5/2012 2:33:33 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/5/2012 2:28:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
2/5/2012 2:28:19 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2012 2:21:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/5/2012 2:21:08 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/5/2012 2:20:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/5/2012 2:19:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
2/5/2012 2:19:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-0 is not functioning.
2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-1 is not functioning.
2/2/2012 12:41:32 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-0 is not functioning.
2/2/2012 12:41:31 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-1 is not functioning.
.
==== End Of File ===========================
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here's the Combofix log:

ComboFix 12-02-07.01 - ahmed 02/07/2012 10:52:58.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1693 [GMT -8:00]
Running from: c:\users\ahmed\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\ahmed\AppData\Local\TempDIR
c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\ahmed\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\windows\system32\tmp85D2.tmp
c:\windows\system32\tmp85E2.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 19:03 . 2012-02-07 19:07 -------- d-----w- c:\users\ahmed\AppData\Local\temp
2012-02-07 19:03 . 2012-02-07 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-07 19:03 . 2012-02-07 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 18:32 . 2012-02-07 18:32 -------- d-----w- C:\found.000
2012-02-07 16:16 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-07 16:16 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84011A28-2522-4294-9954-1F6926A1468B}\mpengine.dll
2012-02-06 17:22 . 2012-02-06 20:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 17:22 . 2012-02-06 17:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 16:33 . 2012-02-06 17:01 -------- d-----w- c:\programdata\SecTaskMan
2012-02-06 16:31 . 2012-02-06 16:33 -------- d-----w- c:\program files\Security Task Manager
2012-02-06 16:09 . 2012-02-06 16:09 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B18543BE-A806-420F-A48C-10662EEC2876}\gapaengine.dll
2012-02-06 16:06 . 2012-02-06 16:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-06 16:06 . 2012-02-06 16:07 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
2012-02-06 02:46 . 2012-02-06 02:46 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-06 02:33 . 2012-02-06 02:34 -------- d-----w- C:\sh4ldr
2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-02-06 02:33 . 2012-02-06 02:33 110080 ----a-r- c:\users\ahmed\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-02-06 02:33 . 2012-02-06 02:33 -------- d-----w- c:\program files\Enigma Software Group
2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\users\ahmed\AppData\Roaming\Malwarebytes
2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 23:08 . 2012-02-05 23:08 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 23:08 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 22:48 . 2012-02-05 22:48 -------- d-----w- C:\ERDNT
2012-02-05 22:48 . 2012-02-05 22:48 -------- d-----w- c:\windows\ERUNT
2012-02-05 22:47 . 2012-02-05 22:47 -------- d-----w- C:\!FixIEDef
2012-01-28 13:53 . 2012-01-28 13:55 -------- d-----w- c:\users\ahmed\AppData\Roaming\redsn0w
2012-01-28 12:51 . 2012-01-28 13:05 -------- d-----w- C:\sn0wbreeze
2012-01-28 11:44 . 2012-01-28 11:45 -------- d-----w- c:\program files\iTunes
2012-01-28 11:44 . 2012-01-28 11:44 -------- d-----w- c:\program files\iPod
2012-01-28 11:41 . 2012-01-28 11:41 -------- d-----w- c:\program files\Bonjour
2012-01-25 01:33 . 2012-02-07 18:14 -------- d-----w- c:\users\ahmed\AppData\Local\Spotify
2012-01-25 01:33 . 2012-02-07 18:20 -------- d-----w- c:\users\ahmed\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 19:06 . 2011-03-23 02:25 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-01-31 12:44 . 2009-11-07 02:39 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 11:04 . 2011-12-18 11:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 11:03 . 2011-12-18 11:03 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-18 11:03 . 2011-12-18 11:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-18 11:01 . 2011-12-18 11:01 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 11:01 . 2011-12-18 11:01 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 11:01 . 2011-12-18 11:01 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 11:00 . 2011-12-18 11:00 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 11:00 . 2011-12-18 11:00 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 10:46 . 2011-12-18 10:46 1699328 ----a-w- c:\windows\system32\esent.dll
2011-12-18 10:46 . 2011-12-18 10:46 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-12-18 10:46 . 2011-12-18 10:46 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-18 10:46 . 2011-12-18 10:46 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-18 10:46 . 2011-12-18 10:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-18 10:46 . 2011-12-18 10:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-18 10:46 . 2011-12-18 10:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-18 10:46 . 2011-12-18 10:46 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-18 10:46 . 2011-12-18 10:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-18 10:45 . 2011-12-18 10:45 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-12-18 10:45 . 2011-12-18 10:45 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-12-18 10:45 . 2011-12-18 10:45 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-12-18 10:45 . 2011-12-18 10:45 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-12-18 10:45 . 2011-12-18 10:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-18 10:45 . 2011-12-18 10:45 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-12-18 10:45 . 2011-12-18 10:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-12-18 10:45 . 2011-12-18 10:45 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-12-18 10:45 . 2011-12-18 10:45 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-12-18 10:45 . 2011-12-18 10:45 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-12-18 10:45 . 2011-12-18 10:45 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-12-18 10:45 . 2011-12-18 10:45 337408 ----a-w- c:\windows\system32\mssph.dll
2011-12-18 10:45 . 2011-12-18 10:45 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-12-18 10:45 . 2011-12-18 10:45 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-12-18 10:45 . 2011-12-18 10:45 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-12-18 10:45 . 2011-12-18 10:45 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-12-18 10:44 . 2011-12-18 10:44 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-18 10:43 . 2011-12-18 10:43 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 10:43 . 2011-12-18 10:43 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-18 10:41 . 2011-12-18 10:41 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-18 10:41 . 2011-12-18 10:41 2616320 ----a-w- c:\windows\explorer.exe
2011-12-18 10:40 . 2011-12-18 10:40 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-18 10:39 . 2011-12-18 10:39 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-18 10:39 . 2011-12-18 10:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-18 10:39 . 2011-12-18 10:39 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-07 06:39 . 2011-12-07 06:39 10134560 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-12-01 20:48 . 2011-12-01 20:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 06:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-15 20:30 . 2011-06-15 19:16 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
2011-02-16 22:56 . 2011-02-16 21:42 2290745340 ----a-w- c:\program files\MSSetupv95.exe
2012-02-01 14:49 . 2011-05-17 01:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 16:26 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 22:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-30 620376]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ahmed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ahmed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 20:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-15 00:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-22 01:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN]
2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)]
2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)]
2011-09-28 19:40 347008 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-19 02:26 135664 ----atw- c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 17:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-11-26 02:50 2011205 ----a-w- c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-01-31 05:16 4009648 ----a-w- c:\users\ahmed\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-26 04:59 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-10-21 02:29 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R1 MpKslcdd28582;MpKslcdd28582;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAED03F3-7910-43F1-9986-D695BE75B41D}\MpKslcdd28582.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
R3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\users\ahmed\AppData\Local\Temp\391107236.04-25-2010 [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-06 3482384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 15672]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-17 375296]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-06-29 35088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-16 909152]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-16 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-07 21:53]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 03:12]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 03:12]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000Core.job
- c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:26]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000UA.job
- c:\users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = cdn;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-rpcnet
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-BitTorrent DNA - c:\users\ahmed\Program Files\DNA\btdna.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\ahmed\AppData\Roaming\Macromedia\Flash Player\
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ByakkoDriver]
"ImagePath"="\??\c:\users\ahmed\AppData\Local\Temp\391107236.04-25-2010"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1904)
c:\users\ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-07 11:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 19:13
.
Pre-Run: 14,977,429,504 bytes free
Post-Run: 14,878,392,320 bytes free
.
- - End Of File - - B3EE69B4CDAE63A3B3A8546C072F9D37
********************************

Here's the Rkill log:

s log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/07/2012 at 11:30:29.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:



Rkill completed on 02/07/2012 at 11:30:36.

Thank you once again for all of your help!
 
Which AV program did you uninstall?

Uninstall Ask Toolbar, typical foistware.
 
Start>Control Panel>Programs & Features

Uninstall Advanced SystemCare 5 as well.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=============================================================

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is running a lot smoother. No blue screen of death or freezing. Although, firefox seems to still be a bit too slow.

Here are the logs for OTL:

OTL logfile created on: 2/7/2012 12:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ahmed\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.41% Memory free
6.00 Gb Paging File | 4.76 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 12.16 Gb Free Space | 5.22% Space Free | Partition Type: NTFS
Drive E: | 3.69 Gb Total Space | 0.79 Gb Free Space | 21.45% Space Free | Partition Type: FAT32

Computer Name: AHMED-PC | User Name: ahmed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
PRC - [2012/01/16 08:26:19 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/18 02:41:21 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 00:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/07/13 17:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
PRC - [2009/07/13 17:14:24 | 000,660,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator)
SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator)
SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator)
SRV - [2012/01/16 08:26:19 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 14:02:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 00:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/05 19:11:30 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/06 08:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/15 00:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/11 17:39:53 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/07 15:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/06/28 19:40:54 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2011/05/24 15:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/13 08:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/04/19 18:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/03/23 18:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...3c5f&browser=IE&os=win&os_version=6.1-x86-SP0
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 B5 14 25 14 73 CB 01 [binary data]
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100


========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ahmed\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ahmed\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ahmed\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/12 19:48:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 06:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/22 21:35:04 | 000,000,000 | ---D | M]

[2011/07/20 02:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Extensions
[2012/02/07 11:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions
[2012/01/27 06:19:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/10 20:15:39 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\https-everywhere@eff.org
[2012/02/06 09:36:43 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
[2012/01/28 00:04:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\iitm3sox.default\extensions\support@lastpass.com
[2012/01/02 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 11:08:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IITM3SOX.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\AHMED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IITM3SOX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/01 06:49:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/01/16 08:26:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B201EF86-CB45-4A62-BA99-F9C29E658EDF}&mid=5b5d0b40b09e6ceb2bba616682bef8e2-bcc7adc07294cb8b8bc9149e4d859401432896bf&lang=us&ds=AVG&pr=pa&d=2011-12-07 01:19:31&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ahmed\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ahmed\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/07 11:07:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe ()
O4 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8}: DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 11:57:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
[2012/02/07 11:13:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/07 11:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/07 11:03:57 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Local\temp
[2012/02/07 10:49:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 10:49:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 10:49:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 10:49:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/07 10:48:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 10:32:29 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/07 10:14:00 | 004,398,288 | R--- | C] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
[2012/02/06 23:03:23 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\ahmed\Desktop\boot_cleaner.exe
[2012/02/06 09:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/06 09:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/06 09:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/06 08:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/02/06 08:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/02/06 08:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/02/06 08:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/06 08:06:25 | 000,000,000 | ---D | C] -- C:\c67b696dacb13b001272d49d27b351
[2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/02/05 18:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/02/05 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Malwarebytes
[2012/02/05 15:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/05 15:08:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/05 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/05 15:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/05 14:48:15 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/02/05 14:48:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/02/05 14:47:30 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2012/02/02 05:12:27 | 000,000,000 | ---D | C] -- C:\Users\ahmed\Desktop\blackops
[2012/01/31 11:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/28 05:53:57 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\redsn0w
[2012/01/28 04:51:49 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
[2012/01/28 03:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/28 03:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/28 03:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/28 03:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/24 17:33:13 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Local\Spotify
[2012/01/24 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\ahmed\AppData\Roaming\Spotify
[2012/01/13 05:04:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Temporary Downloaded Files
[2011/12/06 22:39:28 | 010,134,560 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2011/06/15 11:16:58 | 2114,968,249 | ---- | C] (Nexon) -- C:\Program Files\DragonNestSetupV02.exe
[2011/02/16 13:42:20 | 2290,745,340 | ---- | C] (Nexon) -- C:\Program Files\MSSetupv95.exe
[2009/11/06 20:08:05 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 12:06:15 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/02/07 12:04:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000UA.job
[2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
[2012/02/07 11:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 11:28:48 | 001,008,141 | ---- | M] () -- C:\Users\ahmed\Desktop\rkill.scr
[2012/02/07 11:25:00 | 001,008,141 | ---- | M] () -- C:\Users\ahmed\Desktop\rkill.com
[2012/02/07 11:07:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/07 11:06:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 11:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 11:05:25 | 2415,218,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 10:34:16 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012/02/07 10:14:29 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
[2012/02/07 09:52:17 | 092,617,641 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/07 08:01:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 08:01:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 22:50:56 | 000,000,512 | ---- | M] () -- C:\Users\ahmed\Desktop\MBR.dat
[2012/02/06 14:43:50 | 000,000,000 | ---- | M] () -- C:\Users\ahmed\AppData\Local\prvlcl.dat
[2012/02/06 13:04:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2554249345-3605349893-3213807598-1000Core.job
[2012/02/06 09:23:11 | 000,001,220 | ---- | M] () -- C:\Users\ahmed\Desktop\Spybot - Search & Destroy.lnk
[2012/02/06 08:57:52 | 000,621,525 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2012/02/06 08:07:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/06 08:07:11 | 000,736,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/06 08:07:11 | 000,150,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/05 18:33:01 | 000,002,246 | ---- | M] () -- C:\Users\ahmed\Desktop\SpyHunter.lnk
[2012/02/05 15:08:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 03:55:01 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012/01/31 11:07:58 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/31 09:59:32 | 000,042,768 | ---- | M] () -- C:\Users\ahmed\AppData\Roaming\UserTile.png
[2012/01/30 02:34:02 | 000,155,782 | ---- | M] () -- C:\Users\ahmed\Desktop\dadad.png
[2012/01/30 02:18:07 | 000,024,892 | ---- | M] () -- C:\Users\ahmed\Desktop\best night2.png
[2012/01/30 02:17:57 | 000,199,087 | ---- | M] () -- C:\Users\ahmed\Desktop\best night.png
[2012/01/30 01:02:50 | 000,136,711 | ---- | M] () -- C:\Users\ahmed\Desktop\best night4.png
[2012/01/30 00:58:48 | 000,110,937 | ---- | M] () -- C:\Users\ahmed\Desktop\best night5.png
[2012/01/30 00:55:05 | 000,098,590 | ---- | M] () -- C:\Users\ahmed\Desktop\best night3.png
[2012/01/28 05:17:31 | 695,452,332 | ---- | M] () -- C:\Users\ahmed\Desktop\sn0wbreeze_iPhone_4-CDMA-4.2.6-8E200.ipsw
[2012/01/28 03:45:44 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/28 02:16:31 | 000,634,187 | ---- | M] () -- C:\Users\ahmed\Desktop\donkey.png
[2012/01/24 17:33:07 | 000,001,805 | ---- | M] () -- C:\Users\ahmed\Desktop\Spotify.lnk
[2012/01/11 21:09:54 | 000,136,065 | ---- | M] () -- C:\Users\ahmed\Desktop\hahahaderp.jpg
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 11:28:44 | 001,008,141 | ---- | C] () -- C:\Users\ahmed\Desktop\rkill.scr
[2012/02/07 11:24:57 | 001,008,141 | ---- | C] () -- C:\Users\ahmed\Desktop\rkill.com
[2012/02/07 10:49:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 10:49:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 10:49:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 10:49:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 10:49:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:34:16 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012/02/06 22:50:39 | 000,000,512 | ---- | C] () -- C:\Users\ahmed\Desktop\MBR.dat
 
Continued:

[2012/02/06 09:23:11 | 000,001,220 | ---- | C] () -- C:\Users\ahmed\Desktop\Spybot - Search & Destroy.lnk
[2012/02/06 08:07:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/06 08:06:54 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/05 18:33:01 | 000,002,246 | ---- | C] () -- C:\Users\ahmed\Desktop\SpyHunter.lnk
[2012/02/05 15:08:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 11:07:58 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/31 09:59:32 | 000,042,768 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\UserTile.png
[2012/01/30 02:34:00 | 000,155,782 | ---- | C] () -- C:\Users\ahmed\Desktop\dadad.png
[2012/01/30 00:57:38 | 000,110,937 | ---- | C] () -- C:\Users\ahmed\Desktop\best night5.png
[2012/01/30 00:56:04 | 000,136,711 | ---- | C] () -- C:\Users\ahmed\Desktop\best night4.png
[2012/01/30 00:55:05 | 000,098,590 | ---- | C] () -- C:\Users\ahmed\Desktop\best night3.png
[2012/01/30 00:54:15 | 000,024,892 | ---- | C] () -- C:\Users\ahmed\Desktop\best night2.png
[2012/01/30 00:53:21 | 000,199,087 | ---- | C] () -- C:\Users\ahmed\Desktop\best night.png
[2012/01/28 05:16:02 | 695,452,332 | ---- | C] () -- C:\Users\ahmed\Desktop\sn0wbreeze_iPhone_4-CDMA-4.2.6-8E200.ipsw
[2012/01/28 03:45:44 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/28 02:16:30 | 000,634,187 | ---- | C] () -- C:\Users\ahmed\Desktop\donkey.png
[2012/01/24 17:33:07 | 000,001,805 | ---- | C] () -- C:\Users\ahmed\Desktop\Spotify.lnk
[2012/01/24 17:33:07 | 000,001,791 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/11 21:09:54 | 000,136,065 | ---- | C] () -- C:\Users\ahmed\Desktop\hahahaderp.jpg
[2011/12/18 02:13:12 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/12/05 06:37:50 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/12/05 06:37:50 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/06/28 19:40:54 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/06/17 03:56:55 | 000,138,056 | ---- | C] () -- C:\Users\ahmed\AppData\Roaming\PnkBstrK.sys
[2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/31 20:53:21 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/04 09:16:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/04 09:14:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/24 20:10:22 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/03/24 20:10:20 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/21 19:31:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/10/02 12:31:56 | 000,065,552 | -HS- | C] () -- C:\ProgramData\GB.bin
[2010/04/08 18:59:21 | 000,000,140 | ---- | C] () -- C:\Windows\System32\option.sys
[2010/01/16 07:03:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 12:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/01/12 12:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/12 12:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/01/12 12:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/01/12 12:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/01/12 12:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/01/12 12:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/01/12 12:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/01/12 12:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/01/12 12:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/01/12 12:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/01/12 12:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/01/12 12:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/01/12 12:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/01/12 12:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/11 05:05:32 | 000,000,000 | ---- | C] () -- C:\Users\ahmed\AppData\Local\prvlcl.dat
[2009/12/31 16:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/12/31 16:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/12/17 15:31:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/17 15:31:27 | 001,640,400 | ---- | C] () -- C:\Windows\PCTBDCore.dll
[2009/11/20 05:16:37 | 000,000,017 | ---- | C] () -- C:\Users\ahmed\AppData\Local\resmon.resmoncfg
[2009/11/14 10:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/14 10:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/11/14 10:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/14 10:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/14 10:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/14 10:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/14 10:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/14 10:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/14 10:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/14 10:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/11/14 10:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/11/14 10:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/14 10:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/11/11 03:18:34 | 000,003,584 | ---- | C] () -- C:\Users\ahmed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 17:08:39 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/11 12:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,434,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,736,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,150,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/10 14:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/12/03 14:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/13 01:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/04/08 19:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/08 19:28:44 | 000,233,472 | R--- | C] () -- C:\Users\ahmed\AppData\Roaming\MafiaSetup.exe

========== LOP Check ==========

[2009/11/29 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\.BitTornado
[2010/12/21 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Activision
[2009/12/06 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\AVG9
[2011/08/09 12:44:27 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Azureus
[2011/05/26 16:34:06 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Bioshock
[2009/11/06 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Blitware
[2012/02/06 12:49:32 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\DAEMON Tools Lite
[2012/02/06 08:46:59 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Dropbox
[2010/06/19 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Facebook
[2010/08/23 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\fltk.org
[2011/12/05 01:27:16 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\FreeArc
[2012/01/04 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\go
[2011/01/13 20:05:06 | 000,000,000 | -H-D | M] -- C:\Users\ahmed\AppData\Roaming\ijjigame
[2011/03/02 13:18:31 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Individual Software
[2010/09/26 18:13:43 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\InfraRecorder
[2011/12/17 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\IObit
[2010/03/23 02:49:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\LEAPS
[2011/05/22 15:52:00 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Lionhead Studios
[2010/01/16 07:25:23 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\ManyCam
[2009/11/22 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Nexon
[2009/11/17 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\OpenOffice.org
[2010/03/23 02:46:25 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Pegasys Inc
[2010/01/19 14:44:34 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Petroglyph
[2011/02/04 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Propellerhead Software
[2011/03/24 20:10:17 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\PunkBuster
[2012/01/28 05:55:03 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\redsn0w
[2011/01/26 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Software Informer
[2012/02/07 11:59:01 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Spotify
[2010/04/21 02:58:43 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Stardock
[2010/04/14 12:54:46 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Stellarium
[2012/02/01 04:14:40 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\SystemRequirementsLab
[2010/04/14 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\Ubisoft
[2012/02/06 12:49:32 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\uTorrent
[2012/02/05 03:55:01 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012/02/05 14:34:29 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/02/07 10:34:16 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2010/11/03 23:08:33 | 000,000,504 | ---- | M] () -- C:\cmdlog.txt
[2012/02/07 11:13:45 | 000,040,505 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/02/07 11:05:25 | 2415,218,688 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/12/24 11:21:14 | 000,001,002 | ---- | M] () -- C:\net_save.dna
[2012/02/07 11:05:37 | 3220,295,680 | -HS- | M] () -- C:\pagefile.sys
[2012/02/07 11:30:36 | 000,000,357 | ---- | M] () -- C:\rkill.log
[2011/08/19 19:19:35 | 000,007,186 | ---- | M] () -- C:\shared.log
[2011/03/15 06:31:30 | 000,000,026 | ---- | M] () -- C:\usm.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/12/21 09:33:44 | 000,000,026 | ---- | M] () -- C:\xml2.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 17:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
[2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 04:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/10/17 12:06:11 | 000,001,638 | -HS- | M] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2011/06/15 12:30:28 | 2114,968,249 | ---- | M] (Nexon) -- C:\Program Files\DragonNestSetupV02.exe
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2010/01/14 10:37:26 | 000,000,707 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2011/02/16 14:56:04 | 2290,745,340 | ---- | M] (Nexon) -- C:\Program Files\MSSetupv95.exe
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2009/11/06 18:30:29 | 000,001,708 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/06 19:02:28 | 000,000,221 | -HS- | M] () -- C:\Users\ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\ahmed\Desktop\boot_cleaner.exe
[2012/02/07 10:14:29 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\ahmed\Desktop\ComboFix.exe
[2011/02/07 20:32:44 | 005,298,402 | ---- | M] () -- C:\Users\ahmed\Desktop\greenpois0n.exe
[2011/03/01 13:04:02 | 001,785,743 | ---- | M] (Macroplant, LLC ) -- C:\Users\ahmed\Desktop\iPhone Explorer Setup.exe
[2012/02/07 11:57:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ahmed\Desktop\OTL.exe
[2011/05/06 10:57:24 | 042,271,744 | ---- | M] (iH8sn0w) -- C:\Users\ahmed\Desktop\sn0wbreeze-v2.7r2.exe

< %PROGRAMFILES%\Common Files\*.* >
[2011/12/06 22:39:28 | 010,134,560 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/12/04 10:07:39 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/12/04 10:07:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/12/01 03:37:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/12/01 03:37:02 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/12/04 10:07:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/04 14:17:04 | 000,000,402 | -HS- | M] () -- C:\Users\ahmed\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/11/07 17:08:40 | 008,673,792 | ---- | M] () -- C:\ProgramData\atscie.msi
[2008/04/30 18:28:08 | 001,654,869 | ---- | M] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2010/10/02 12:31:56 | 000,065,552 | -HS- | M] () -- C:\ProgramData\GB.bin

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
 
Extras log:

OTL Extras logfile created on: 2/7/2012 12:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ahmed\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.41% Memory free
6.00 Gb Paging File | 4.76 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 12.16 Gb Free Space | 5.22% Space Free | Partition Type: NTFS
Drive E: | 3.69 Gb Total Space | 0.79 Gb Free Space | 21.45% Space Free | Partition Type: FAT32

Computer Name: AHMED-PC | User Name: ahmed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018304}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018305}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018306}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018307}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018308}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018309}" = Fable III
"{4D53090A-CE35-42BD-B377-83100001830A}" = Fable III
"{4D53090A-CE35-42BD-B377-83100001830B}" = Fable III
"{4D53090A-CE35-42BD-B377-83100001830C}" = Fable III
"{4D53090A-CE35-42BD-B377-83100001830D}" = Fable III
"{4D53090A-CE35-42BD-B377-83100001830E}" = Fable III
"{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.101
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7CAA1E-D2D2-40E8-8FA4-3B8FCC9B305B}" = inSSIDer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE65493C-EA18-3458-AA58-EEDB9D671528}" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D8EA4774-1EB0-45EB-A4F5-E5F2776D328D}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F849775B-F39D-4EDD-A266-1A3E258F0498}" = Microsoft SQL Server Compact 3.5 SP2 Beta English
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aptana Studio 3" = Aptana Studio 3
"Audacity_is1" = Audacity 1.2.6
"Audio Video To Wav Converter_is1" = Audio Video To Wav Converter version 1.21
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitTornado" = BitTornado 0.3.18
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"conduitEngine" = Conduit Engine
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAX Unified" = EAX Unified
"Fences" = Fences
"FLAC" = FLAC 1.2.1b (remove only)
"FreeArc" = FreeArc 0.666
"GamersFirst LIVE!" = GamersFirst LIVE!
"Half-Life 2 [DiGiTALZoNE]" = Half-Life 2 [DiGiTALZoNE]
"Homeworld2" = Homeworld2
"InfraRecorder" = InfraRecorder
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nmap" = Nmap 5.59BETA1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Reason5_is1" = Reason 5.0
"ResumeMaker Professional" = ResumeMaker Professional
"Security Task Manager" = Security Task Manager 1.7
"Smart Defrag 2_is1" = Smart Defrag 2
"Software Informer_is1" = Software Informer 1.0 BETA
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"VLC media player" = VLC media player 1.0.5
"VST Bridge_is1" = VST Bridge 1.1
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Wondershare Video to DVD Burner_is1" = Wondershare Video to DVD Burner(Build 2.5.1.10)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = GameXN GO
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"SOE-DC Universe Online Live" = DC Universe Online Live
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2011 9:56:58 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\Windows Live\Messenger\uccapi.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Windows Live Messenger because
of this error. Program: Windows Live Messenger File: C:\Program Files\Windows Live\Messenger\uccapi.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 6/22/2011 3:15:41 AM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00055b57 Faulting
process id: 0x518 Faulting application start time: 0x01cc2ed9a93421a1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6f351dec-9c9f-11e0-84ec-0023545f22c4

Error - 6/22/2011 5:01:43 AM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc.exe, version: 1.3.1249.0, time stamp:
0x4a9591c8 Faulting module name: mpc-hc.exe, version: 1.3.1249.0, time stamp: 0x4a9591c8
Exception
code: 0xc0000005 Fault offset: 0x0001f023 Faulting process id: 0x5a0 Faulting application
start time: 0x01cc30b23ae9a086 Faulting application path: C:\Program Files\MPC HomeCinema\mpc-hc.exe
Faulting
module path: C:\Program Files\MPC HomeCinema\mpc-hc.exe Report Id: 3f4a4424-9cae-11e0-84ec-0023545f22c4

Error - 6/23/2011 9:51:29 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: skype.exe, version: 5.3.0.116, time stamp:
0x4ddea058 Faulting module name: skype.exe, version: 5.3.0.116, time stamp: 0x4ddea058
Exception
code: 0xc0000005 Fault offset: 0x005ddd98 Faulting process id: 0x1334 Faulting application
start time: 0x01cc32112d2f7667 Faulting application path: C:\program files\skype\phone\skype.exe
Faulting
module path: C:\program files\skype\phone\skype.exe Report Id: 79dcc53d-9e04-11e0-84ec-0023545f22c4

Error - 6/28/2011 8:07:22 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 6/29/2011 6:28:26 AM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 6/29/2011 11:19:45 PM | Computer Name = ahmed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_IKEEXT, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00055d83 Faulting
process id: 0x4fc Faulting application start time: 0x01cc36471044d049 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: cd49d268-a2c7-11e0-80c2-0023545f22c4

Error - 6/29/2011 11:31:39 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 6/30/2011 8:37:19 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/1/2011 8:08:42 PM | Computer Name = ahmed-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2/7/2012 4:01:03 PM | Computer Name = ahmed-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >
 
Also, I have removed advanced system care and the ask toolbar. Thanks for all of the useful info regarding registry cleaners!
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
PRC - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2009/12/16 17:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startpa...on=6.1-x86-SP0
IE - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/12 19:48:29 | 000,000,000 | ---D | M]
[2012/01/16 08:26:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B201EF86-CB45-4A62-BA99-F9C29E658EDF}&mid=5b5d0b40b09e6ceb2bba616682bef8e2-bcc7adc07294cb8b8bc9149e4d859401432896bf&lang=us&ds=AVG&pr=pa&d=2011-12-07 01:19:31&v=10.0.0.7&sap=dsp&q={searchTerms}
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
[2009/12/06 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\ahmed\AppData\Roaming\AVG9
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D06A4C76
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Services

:Reg

:Files
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG Secure Search

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Made a bit of a mistake after the computer rebooted right after the temp file cleaner. Lost the logs of the previous scans, including the OTL fix. Should I run them all again?
 
OTL run fix log:

All processes killed
========== OTL ==========
No active process named ApplicationUpdater.exe was found!
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared not found.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml.old not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 not found.
File C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files\AVG Secure Search\vprot.exe not found.
Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2554249345-3605349893-3213807598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll not found.
Folder C:\Users\ahmed\AppData\Roaming\AVG9\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:D06A4C76 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
File\Folder C:\Program Files\AVG Secure Search not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: ahmed
->Temp folder emptied: 1633 bytes
->Temporary Internet Files folder emptied: 147518 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 144439416 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 906 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10465 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 138.00 mb


[EMPTYJAVA]

User: ahmed
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: ahmed
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02072012_135805

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Security Check Log:

de Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
SpyHunter
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
 
FSS Log:

Farbar Service Scanner Version: 05-02-2012
Ran by ahmed (administrator) on 07-02-2012 at 14:07:21
Running from "C:\Users\ahmed\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
The scanner has found 8 threats, but has been stuck on one file for quite some time. The scanner has been running for 2 hours a 5 minutes, and is stuck at 99%. Is this normal?

EDIT: It's moving again. Will report if anything changes.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
786
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back