TechSpot

Google and Bing redirect

Solved
By naime
Nov 18, 2012
  1. I have the Google search engine redirect. Tried many ways listed online to remove it without success. Switched to Bing which also eventually became infected. I have Norton 360 which failed to find it. I am not especially computer literate. Any help would be greatly appreciated. The results of the scans from Malwarebytes and DDS are as follows:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Monte :: MONTE-PC [administrator]

    11/18/2012 12:54:30 PM
    mbam-log-2012-11-18 (12-54-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 285857
    Time elapsed: 8 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by Monte at 13:07:25 on 2012-11-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1368 [GMT -5:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Real\realplayer\update\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\6.4.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\6.4.0.9\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\6.4.0.9\coieplg.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [Facebook Update] "c:\users\monte\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpn client.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\monte\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\monte\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230483963631
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254084723854
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4EC6BF36-DCC7-4E96-BE29-4C5E64DCB0C2} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\monte\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\monte\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\monte\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
    FF - plugin: c:\users\monte\appdata\roaming\mozilla\firefox\profiles\cahndjyu.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\users\monte\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\monte\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-11-07 21:17; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - ExtSQL: !HIDDEN! 2009-07-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768]
    R1 DVDHelp;DVD Video Region CSS free Filter Driver;c:\windows\system32\drivers\DVDHelp.sys [2010-10-17 25624]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20121116.001\IDSvix86.sys [2012-11-16 386720]
    R1 mdf15;mdf15;c:\program files\clarus\samsung secretzone\mdf15.sys [2011-3-11 12800]
    R1 mvd20;mvd20;c:\program files\clarus\samsung secretzone\mvd20.sys [2011-3-11 64000]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604000.009\symtdiv.sys [2012-10-1 345208]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-17 21504]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-8 47640]
    R2 MSR Service;Virtual Disk Service Manager;c:\program files\clarus\samsung secretzone\MSSvc.exe [2011-3-11 114688]
    R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-25 24652]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
    R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-9-7 156928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c985b59f54fe20;Google Update Service (gupdate1c985b59f54fe20);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-27 84832]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-10 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-14 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-25 30192]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2072-04-03 17:13:14 607296 ------w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll
    2012-11-16 07:10:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ac9603c-1cfc-4d68-a0fd-1d4f3b975166}\offreg.dll
    2012-11-16 07:06:37 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ac9603c-1cfc-4d68-a0fd-1d4f3b975166}\mpengine.dll
    2012-11-14 03:01:34 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 03:01:16 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 02:17:30 -------- d-----w- c:\program files\common files\xing shared
    2012-11-08 02:16:48 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
    2012-11-08 02:02:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2012-11-08 02:16:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-08 02:16:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-08 02:07:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-08 02:07:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-08 02:02:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-08 02:02:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-11 09:20:05 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-10-02 22:20:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-02 22:20:00 7697768 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-02 22:20:00 6127464 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-02 22:20:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-02 22:20:00 2428776 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-02 22:20:00 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-10-02 22:20:00 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-02 22:20:00 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-02 22:20:00 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-10-02 22:20:00 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-10-02 22:20:00 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-02 22:20:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
    2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 17:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 02:55:44 2 --shatr- c:\windows\winstart.bat
    2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 19:58:36 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
    2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 13:08:23.40 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2007 6:12:38 AM
    System Uptime: 11/14/2012 3:44:27 AM (106 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Burbank
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2400/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 118.333 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.395 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0181
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #3
    PNP Device ID: ROOT\*6TO4MP\0181
    Service: tunnel
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Realtek High Definition Audio
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A69&REV_1001\4&18A55ED&0&0001
    Manufacturer: Realtek
    Name: Realtek High Definition Audio
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A69&REV_1001\4&18A55ED&0&0001
    Service: IntcAzAudAddService
    .
    Class GUID:
    Description: SYMIDS
    Device ID: ROOT\LEGACY_SYMIDS\0000
    Manufacturer:
    Name: SYMIDS
    PNP Device ID: ROOT\LEGACY_SYMIDS\0000
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\MEDIA\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MEDIA\0000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat 8 Standard
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Standard
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator 10.0.3
    Adobe Illustrator CS4
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader X (10.1.4)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Stock Photos CS3
    Adobe SVG Viewer 3.0
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Mythology
    Age of Mythology - The Titans Expansion
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audiosurf
    BOINC
    Bonjour
    Call of Duty
    Call of Duty 2
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty(R) - World at War(TM) 1.6 Patch
    Call of Duty(R) - World at War(TM) 1.7 Patch
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: United Offensive
    CameraHelperMsi
    CCleaner
    Cisco Systems VPN Client 5.0.04.0300
    Conduit Engine
    Connect
    Coupon Printer for Windows
    Creative Audio Control Panel
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties
    D3DX10
    Didger 3
    DivX Codec
    Download Updater (AOL LLC)
    Easy DVD Clone
    EB Documentation 1.1
    EB Trivial Script 0.125
    Empire: Total War
    erLT
    Europa Barbarorum 1.1
    Facebook Video Calling 1.2.0.287
    Fallout 3
    Free Studio version 5.6.3.706
    Free YouTube to MP3 Converter version 3.11.31.916
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    GeoMapApp
    GiliSoft DVD Region+CSS Decryption 2.1
    GIMP 2.6.7
    Google Chrome
    Google Desktop
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    Graboid Video 1.73
    Grand Theft Auto: San Andreas
    Hardware Diagnostic Tools
    Hegemony City States
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Detection
    HP Update
    HPAsset component for HP Active Support Library
    HPSSupply
    iCloud
    Intel(R) Matrix Storage Manager
    Intel(R) Network Connections Drivers
    Intel® Viiv™ Software
    IrfanView (remove only)
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    JavaFX 2.1.1
    Junk Mail filter update
    kuler
    Last.fm 1.5.4.27091
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    LightScribe 1.8.15.1
    Lizardtech Express View Browser Plug-in
    Logitech Webcam Software
    LogMeIn
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Mafia II
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaGet
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft DirectX SDK (August 2007)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft Zoo Tycoon
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    muvee autoProducer 6.0
    My HP Games
    Napoleon: Total War
    Norton 360 Premier Edition
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    OpenAL
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 3
    Populous: The Beginning
    PSSWCORE
    PunkBuster Services
    Python 2.5
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rhapsody Player Engine
    Rome: Total War Gold Edition
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Samsung Auto Backup
    Samsung SecretZone
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Segoe UI
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.10
    Sound Blaster X-Fi
    SSH Secure Shell
    Star Wars - Battlefront II
    Steam
    Suite Shared Configuration CS4
    swMSM
    Symantec Technical Support Web Controls
    SyncToy 2.1 (x86)
    The Elder Scrolls IV: Oblivion
    The Sims™ 3
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wpaiper
    TurboTax 2011 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Ventrilo Client
    VideoToolkit01
    Viewpoint Media Player
    VLC media player 1.1.8
    VoiceOver Kit
    Vuze
    Vuze Remote Toolbar
    WeatherBug Gadget
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPcap 4.1.1
    WinRAR archiver
    Wolfram Mathematica Player
    Xfire (remove only)
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/18/2012 6:09:09 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    11/14/2012 3:44:55 AM, Error: volmgr [46] - Crash dump initialization failed!
    11/14/2012 3:04:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/14/2012 3:04:43 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/14/2012 3:02:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/13/2012 9:40:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    11/13/2012 9:40:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2012 10:07:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    11/13/2012 10:07:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  3. naime

    naime TS Rookie Topic Starter Posts: 16

    Thanks for helping me with this problem. I appreciate your time and expertise.

    I ran the program specified. When it started I received this message:
    Registry value "AppINit_Dlls" has been found, which may be caused by rootkit activity.
    Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.
    Do you want to remove this value and restart the tool?

    I pressed "No" and the program ran to completion without problem.
    Nothing was found.

    mbar-log
    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.18.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Monte :: MONTE-PC [administrator]

    11/18/2012 1:57:03 PM
    mbar-log-2012-11-18 (13-57-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 30487
    Time elapsed: 12 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    system-log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.400000 GHz
    Memory total: 3219537920, free: 1482661888

    ------------ Kernel report ------------
    11/18/2012 13:43:59
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\N360\0604000.009\SYMDS.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\N360\0604000.009\SYMEFA.SYS
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\e1e6032.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\xcbda.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\DRIVERS\xchal.sys
    \SystemRoot\system32\DRIVERS\xcmem.sys
    \SystemRoot\system32\DRIVERS\xcfe.sys
    \SystemRoot\system32\drivers\ctaud2k.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ctoss2k.sys
    \SystemRoot\system32\drivers\ctprxy2k.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\DVDHelp.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\lmimirr.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\dne2000.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\ha20x2k.sys
    \SystemRoot\system32\drivers\emupia2k.sys
    \SystemRoot\system32\drivers\ctsfm2k.sys
    \SystemRoot\system32\drivers\ctac32k.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\CTHWIUT.SYS
    \SystemRoot\System32\drivers\CT20XUT.SYS
    \SystemRoot\System32\drivers\CTEXFIFX.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\ccSetx86.sys
    \SystemRoot\System32\Drivers\N360\0604000.009\SRTSP.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\Ironx86.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\SRTSPX.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\System32\Drivers\N360\0604000.009\SYMTDIV.SYS
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \??\C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys
    \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\System32\Drivers\adfs.SYS
    \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
    \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \??\C:\Windows\system32\drivers\SECDRV.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121116.001\IDSvix86.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVEX15.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVENG.SYS
    \??\C:\Users\Monte\AppData\Local\Temp\mbr.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff89c43ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000083\
    Lower Device Object: 0xffffffff89bd3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff89c03ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000082\
    Lower Device Object: 0xffffffff89be3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff89c13ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000081\
    Lower Device Object: 0xffffffff89bf3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff89bb3ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000080\
    Lower Device Object: 0xffffffff89ba3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff872dfac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861bb028
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2012.11.18.04
    Downloaded database version: v2012.11.15.02
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff872dfac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86d76190, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff872dfac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff861bb028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffff9dd19b08, 0xffffffff872dfac8, 0xffffffff828050f8
    Lower DeviceData: 0xffffffffcff617f0, 0xffffffff861bb028, 0xffffffff8aa47d58
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    File kernel read failed: C:\Windows\system32\drivers\nvlddmkm.sys
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1549F232

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 5 Numsec = 0

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 955385487
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955385550 Numsec = 21382515

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-4-976753168-976773168)...
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff89bb3ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c23a00, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff89bb3ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff89ba3cb8, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff89c13ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c23d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff89c13ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff89bf3cb8, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff89c03ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c33d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff89c03ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff89be3cb8, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xffffffff89c43ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c33a10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff89c43ac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff89bd3cb8, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.400000 GHz
    Memory total: 3219537920, free: 1502662656

    ------------ Kernel report ------------
    11/18/2012 14:26:32
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\N360\0604000.009\SYMDS.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\N360\0604000.009\SYMEFA.SYS
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\e1e6032.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\xcbda.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\DRIVERS\xchal.sys
    \SystemRoot\system32\DRIVERS\xcmem.sys
    \SystemRoot\system32\DRIVERS\xcfe.sys
    \SystemRoot\system32\drivers\ctaud2k.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ctoss2k.sys
    \SystemRoot\system32\drivers\ctprxy2k.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\DVDHelp.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\lmimirr.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\dne2000.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\ha20x2k.sys
    \SystemRoot\system32\drivers\emupia2k.sys
    \SystemRoot\system32\drivers\ctsfm2k.sys
    \SystemRoot\system32\drivers\ctac32k.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\CTHWIUT.SYS
    \SystemRoot\System32\drivers\CT20XUT.SYS
    \SystemRoot\System32\drivers\CTEXFIFX.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\ccSetx86.sys
    \SystemRoot\System32\Drivers\N360\0604000.009\SRTSP.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\Ironx86.SYS
    \SystemRoot\system32\drivers\N360\0604000.009\SRTSPX.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\System32\Drivers\N360\0604000.009\SYMTDIV.SYS
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \??\C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys
    \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\System32\Drivers\adfs.SYS
    \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
    \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \??\C:\Windows\system32\drivers\SECDRV.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121116.001\IDSvix86.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVEX15.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVENG.SYS
    \??\C:\Users\Monte\AppData\Local\Temp\mbr.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff89c43ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000083\
    Lower Device Object: 0xffffffff89bd3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Device already Exists: 0xffffffff860c0370
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff89c03ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000082\
    Lower Device Object: 0xffffffff89be3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Device already Exists: 0xffffffffb5a52328
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff89c13ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000081\
    Lower Device Object: 0xffffffff89bf3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Device already Exists: 0xffffffffc4be16a0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff89bb3ac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000080\
    Lower Device Object: 0xffffffff89ba3cb8
    Lower Device Driver Name: \Driver\USBSTOR\
    Device already Exists: 0xffffffff85be8248
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff872dfac8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861bb028
    Lower Device Driver Name: \Driver\iaStor\
    Device already Exists: 0xffffffff8aa47d58
    =======================================
  4. Broni (Malware Annihilator)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. naime (TS Rookie, Topic Starter)

    When I attempted to download RogueKiller.exe, I received a threat warning from Norton 360, which deleted the program as "Suspicious.Cloud.7.EP". Should I disable Norton and continue?
  6. Broni (Malware Annihilator)

  7. naime (TS Rookie, Topic Starter)

    MBR found an infected file. Should I hit the "FixMBR" button before exiting?

    Logs
    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Monte [Admin rights]
    Mode : Scan -- Date : 11/18/2012 14:47:35

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x82EA265D -> HOOKED (Unknown @ 0x89E94A80)
    SSDT[14] : NtAlertThread @ 0x82E1B295 -> HOOKED (Unknown @ 0x89E94B60)
    SSDT[18] : NtAllocateVirtualMemory @ 0x82E5754B -> HOOKED (Unknown @ 0x89E8C3B0)
    SSDT[21] : NtAlpcConnectPort @ 0x82DF988B -> HOOKED (Unknown @ 0x89D04460)
    SSDT[42] : NtAssignProcessToJobObject @ 0x82DCCB47 -> HOOKED (Unknown @ 0x89E685C8)
    SSDT[67] : NtCreateMutant @ 0x82E2F862 -> HOOKED (Unknown @ 0x89E89DA0)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x82DCF35E -> HOOKED (Unknown @ 0x89E682E8)
    SSDT[78] : NtCreateThread @ 0x82EA0C74 -> HOOKED (Unknown @ 0x89E0EDC0)
    SSDT[116] : NtDebugActiveProcess @ 0x82E73D78 -> HOOKED (Unknown @ 0x89E686A8)
    SSDT[129] : NtDuplicateObject @ 0x82E07581 -> HOOKED (Unknown @ 0x89E8C580)
    SSDT[147] : NtFreeVirtualMemory @ 0x82C93F1D -> HOOKED (Unknown @ 0x89E96E70)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x82DC9F16 -> HOOKED (Unknown @ 0x89E89E90)
    SSDT[158] : NtImpersonateThread @ 0x82DDF553 -> HOOKED (Unknown @ 0x89E89F70)
    SSDT[165] : NtLoadDriver @ 0x82D7ADEE -> HOOKED (Unknown @ 0x89D043E8)
    SSDT[177] : NtMapViewOfSection @ 0x82E1F8DA -> HOOKED (Unknown @ 0x89E96D70)
    SSDT[184] : NtOpenEvent @ 0x82E08DFF -> HOOKED (Unknown @ 0x89E89CC0)
    SSDT[194] : NtOpenProcess @ 0x82E2FFFE -> HOOKED (Unknown @ 0x89E6A090)
    SSDT[195] : NtOpenProcessToken @ 0x82E10A60 -> HOOKED (Unknown @ 0x89E8C4A0)
    SSDT[197] : NtOpenSection @ 0x82E206AD -> HOOKED (Unknown @ 0x89E89B00)
    SSDT[201] : NtOpenThread @ 0x82E2B54F -> HOOKED (Unknown @ 0x89E8C650)
    SSDT[210] : NtProtectVirtualMemory @ 0x82E29332 -> HOOKED (Unknown @ 0x89E684D8)
    SSDT[282] : NtResumeThread @ 0x82E2AB9A -> HOOKED (Unknown @ 0x89E94C40)
    SSDT[289] : NtSetContextThread @ 0x82EA210B -> HOOKED (Unknown @ 0x89E94EE0)
    SSDT[305] : NtSetInformationProcess @ 0x82E23908 -> HOOKED (Unknown @ 0x89E94FC0)
    SSDT[317] : NtSetSystemInformation @ 0x82DF5EEF -> HOOKED (Unknown @ 0x89E899B8)
    SSDT[330] : NtSuspendProcess @ 0x82EA2597 -> HOOKED (Unknown @ 0x89E89BE0)
    SSDT[331] : NtSuspendThread @ 0x82DA992D -> HOOKED (Unknown @ 0x89E94D20)
    SSDT[334] : NtTerminateProcess @ 0x82E00173 -> HOOKED (Unknown @ 0x89E66EC0)
    SSDT[335] : NtTerminateThread @ 0x82E2B584 -> HOOKED (Unknown @ 0x89E94E00)
    SSDT[348] : NtUnmapViewOfSection @ 0x82E1FB9D -> HOOKED (Unknown @ 0x89E96C90)
    SSDT[358] : NtWriteVirtualMemory @ 0x82E1C96D -> HOOKED (Unknown @ 0x89E96F60)
    SSDT[382] : NtCreateThreadEx @ 0x82E2B039 -> HOOKED (Unknown @ 0x89E683D8)
    S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AAAC0D8)
    S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AA2CF90)
    S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AA2CED0)
    S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AAC8B68)
    S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A990298)
    S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8AAC4C08)
    S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8AAC8700)
    S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8AAC4DB8)
    S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A7CBD50)
    S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A3CE4D0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS +++++
    --- User ---
    [MBR] 2a370ad75c6cd5233a3be1014e92240e
    [BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466496 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955385550 | Size: 10440 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11182012_02d1447.txt >>
    RKreport[1]_S_11182012_02d1447.txt


    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Monte [Admin rights]
    Mode : Remove -- Date : 11/18/2012 14:48:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x82EA265D -> HOOKED (Unknown @ 0x89E94A80)
    SSDT[14] : NtAlertThread @ 0x82E1B295 -> HOOKED (Unknown @ 0x89E94B60)
    SSDT[18] : NtAllocateVirtualMemory @ 0x82E5754B -> HOOKED (Unknown @ 0x89E8C3B0)
    SSDT[21] : NtAlpcConnectPort @ 0x82DF988B -> HOOKED (Unknown @ 0x89D04460)
    SSDT[42] : NtAssignProcessToJobObject @ 0x82DCCB47 -> HOOKED (Unknown @ 0x89E685C8)
    SSDT[67] : NtCreateMutant @ 0x82E2F862 -> HOOKED (Unknown @ 0x89E89DA0)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x82DCF35E -> HOOKED (Unknown @ 0x89E682E8)
    SSDT[78] : NtCreateThread @ 0x82EA0C74 -> HOOKED (Unknown @ 0x89E0EDC0)
    SSDT[116] : NtDebugActiveProcess @ 0x82E73D78 -> HOOKED (Unknown @ 0x89E686A8)
    SSDT[129] : NtDuplicateObject @ 0x82E07581 -> HOOKED (Unknown @ 0x89E8C580)
    SSDT[147] : NtFreeVirtualMemory @ 0x82C93F1D -> HOOKED (Unknown @ 0x89E96E70)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x82DC9F16 -> HOOKED (Unknown @ 0x89E89E90)
    SSDT[158] : NtImpersonateThread @ 0x82DDF553 -> HOOKED (Unknown @ 0x89E89F70)
    SSDT[165] : NtLoadDriver @ 0x82D7ADEE -> HOOKED (Unknown @ 0x89D043E8)
    SSDT[177] : NtMapViewOfSection @ 0x82E1F8DA -> HOOKED (Unknown @ 0x89E96D70)
    SSDT[184] : NtOpenEvent @ 0x82E08DFF -> HOOKED (Unknown @ 0x89E89CC0)
    SSDT[194] : NtOpenProcess @ 0x82E2FFFE -> HOOKED (Unknown @ 0x89E6A090)
    SSDT[195] : NtOpenProcessToken @ 0x82E10A60 -> HOOKED (Unknown @ 0x89E8C4A0)
    SSDT[197] : NtOpenSection @ 0x82E206AD -> HOOKED (Unknown @ 0x89E89B00)
    SSDT[201] : NtOpenThread @ 0x82E2B54F -> HOOKED (Unknown @ 0x89E8C650)
    SSDT[210] : NtProtectVirtualMemory @ 0x82E29332 -> HOOKED (Unknown @ 0x89E684D8)
    SSDT[282] : NtResumeThread @ 0x82E2AB9A -> HOOKED (Unknown @ 0x89E94C40)
    SSDT[289] : NtSetContextThread @ 0x82EA210B -> HOOKED (Unknown @ 0x89E94EE0)
    SSDT[305] : NtSetInformationProcess @ 0x82E23908 -> HOOKED (Unknown @ 0x89E94FC0)
    SSDT[317] : NtSetSystemInformation @ 0x82DF5EEF -> HOOKED (Unknown @ 0x89E899B8)
    SSDT[330] : NtSuspendProcess @ 0x82EA2597 -> HOOKED (Unknown @ 0x89E89BE0)
    SSDT[331] : NtSuspendThread @ 0x82DA992D -> HOOKED (Unknown @ 0x89E94D20)
    SSDT[334] : NtTerminateProcess @ 0x82E00173 -> HOOKED (Unknown @ 0x89E66EC0)
    SSDT[335] : NtTerminateThread @ 0x82E2B584 -> HOOKED (Unknown @ 0x89E94E00)
    SSDT[348] : NtUnmapViewOfSection @ 0x82E1FB9D -> HOOKED (Unknown @ 0x89E96C90)
    SSDT[358] : NtWriteVirtualMemory @ 0x82E1C96D -> HOOKED (Unknown @ 0x89E96F60)
    SSDT[382] : NtCreateThreadEx @ 0x82E2B039 -> HOOKED (Unknown @ 0x89E683D8)
    S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AAAC0D8)
    S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AA2CF90)
    S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AA2CED0)
    S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AAC8B68)
    S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A990298)
    S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8AAC4C08)
    S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8AAC8700)
    S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8AAC4DB8)
    S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A7CBD50)
    S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A3CE4D0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS +++++
    --- User ---
    [MBR] 2a370ad75c6cd5233a3be1014e92240e
    [BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466496 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955385550 | Size: 10440 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11182012_02d1448.txt >>
    RKreport[1]_S_11182012_02d1447.txt ; RKreport[2]_D_11182012_02d1448.txt


    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Monte [Admin rights]
    Mode : HOSTSFix -- Date : 11/18/2012 14:49:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ Resetted HOSTS: ¤¤¤
    127.0.0.1 localhost

    Finished : << RKreport[3]_H_11182012_02d1449.txt >>
    RKreport[1]_S_11182012_02d1447.txt ; RKreport[2]_D_11182012_02d1448.txt ; RKreport[3]_H_11182012_02d1449.txt


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-18 14:51:17
    -----------------------------
    14:51:17.437 OS Version: Windows 6.0.6002 Service Pack 2
    14:51:17.437 Number of processors: 4 586 0xF0B
    14:51:17.437 ComputerName: MONTE-PC UserName: Monte
    14:51:19.527 Initialize success
    14:52:01.667 AVAST engine defs: 12111801
    14:52:04.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:52:04.662 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 8
    14:52:04.677 Disk 0 MBR read successfully
    14:52:04.693 Disk 0 MBR scan
    14:52:04.693 Disk 0 unknown MBR code
    14:52:04.693 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466496 MB offset 63
    14:52:04.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10440 MB offset 955385550
    14:52:04.771 Disk 0 scanning sectors +976768065
    14:52:04.896 Disk 0 scanning C:\Windows\system32\drivers
    14:52:22.680 Service scanning
    14:52:48.482 Modules scanning
    14:53:28.325 Disk 0 trace - called modules:
    14:53:28.340 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    14:53:28.340 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872dfac8]
    14:53:28.356 3 CLASSPNP.SYS[8b5a78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861bb028]
    14:53:29.432 AVAST engine scan C:\Windows
    14:53:32.708 AVAST engine scan C:\Windows\system32
    14:57:13.479 AVAST engine scan C:\Windows\system32\drivers
    14:57:32.527 AVAST engine scan C:\Users\Monte
    15:42:53.078 File: C:\Users\Monte\Downloads\Google Updater.exe **INFECTED** Win32:Malware-gen
    16:01:10.280 AVAST engine scan C:\ProgramData
    16:14:05.900 Scan finished successfully
    17:13:52.887 Disk 0 MBR has been saved successfully to "C:\Users\Monte\Desktop\MBR.dat"
    17:13:52.902 The log file has been saved successfully to "C:\Users\Monte\Desktop\aswMBR.txt"
  8. naime (TS Rookie, Topic Starter)

    Infected file listed as "Google updater.exe **INFECTED** win32:malware-ge". I can't read the rest of the infection identification because the window cannot be enlarged.
  9. Broni (Malware Annihilator)

    Hit nothing.

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ======================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running ComboFix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the ComboFix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  10. naime

    naime TS Rookie Topic Starter Posts: 16

    ComboFix 12-11-16.02 - Monte 11/18/2012 17:42:53.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1532 [GMT -5:00]
    Running from: c:\users\Monte\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Monte\AppData\Roaming\Microsoft\~DFK24ae58.tmp
    c:\users\Monte\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Monte\AppData\Roaming\Microsoft\bass.dll
    c:\users\Monte\AppData\Roaming\Microsoft\cxaadji.dll
    c:\users\Monte\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Monte\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Monte\AppData\Roaming\Microsoft\khaadjf.dll
    c:\users\Monte\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Monte\AppData\Roaming\Microsoft\mnhjrel.dll
    c:\users\Monte\AppData\Roaming\Microsoft\ncaadjg.dll
    c:\users\Monte\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Monte\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Monte\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\Monte\AppData\Roaming\Microsoft\vqaadjh.dll
    c:\users\Monte\AppData\Roaming\Microsoft\wqaadjj.dll
    c:\windows\CoUPonprinter.ocx
    c:\windows\system32\SET154F.tmp
    c:\windows\system32\SET162D.tmp
    c:\windows\system32\SET399.tmp
    c:\windows\system32\SET8B23.tmp
    c:\windows\system32\SETFDF7.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
    .
    .
    2072-04-03 17:13 . 2008-03-21 18:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-11-16 07:10 . 2012-11-16 07:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AC9603C-1CFC-4D68-A0FD-1D4F3B975166}\offreg.dll
    2012-11-16 07:06 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AC9603C-1CFC-4D68-A0FD-1D4F3B975166}\mpengine.dll
    2012-11-14 03:01 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 03:01 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 02:17 . 2012-11-08 02:17 -------- d-----w- c:\program files\Common Files\xing shared
    2012-11-08 02:02 . 2012-11-08 02:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-08 02:16 . 2007-12-11 11:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-08 02:16 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-08 02:07 . 2012-04-20 11:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-08 02:07 . 2011-05-30 18:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-08 02:02 . 2012-06-26 03:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-08 02:02 . 2010-05-13 04:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-11 09:20 . 2012-10-11 09:20 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-02 22:20 . 2012-10-16 09:58 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-02 22:20 . 2012-10-16 09:58 7697768 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-02 22:20 . 2012-10-16 09:58 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-02 22:20 . 2012-10-16 09:58 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-02 22:20 . 2012-10-16 09:58 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-02 22:20 . 2012-10-16 09:57 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-10-02 22:20 . 2012-10-16 09:57 6127464 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-02 22:20 . 2012-10-16 09:57 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-02 22:20 . 2012-03-07 05:06 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-10-02 22:20 . 2012-03-07 05:06 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-10-02 22:20 . 2012-03-07 05:06 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-10-02 22:20 . 2007-08-28 05:59 2428776 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-02 19:29 . 2009-06-26 20:32 645992 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29 . 2009-06-26 20:32 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:29 . 2009-06-26 20:32 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29 . 2009-06-26 20:32 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:29 . 2009-06-26 20:32 2853224 ----a-w- c:\windows\system32\nvsvc.dll
    2012-10-02 19:28 . 2009-06-26 20:32 3965288 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-09-29 23:54 . 2010-08-15 01:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 02:55 . 2012-09-29 02:55 2 --shatr- c:\windows\winstart.bat
    2012-09-13 13:28 . 2012-10-10 11:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27 . 2012-10-10 11:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27 . 2012-10-10 11:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 19:58 . 2012-08-14 22:49 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
    2012-08-24 15:53 . 2012-10-10 11:13 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 17:01 . 2012-10-05 22:23 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01 . 2010-03-17 00:09 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-10-27 19:11 . 2012-10-27 19:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2009-04-01 02:47 . 2012-10-27 19:11 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2008-08-01 18:49 . 2012-10-27 19:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-03 15:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-03 15:16 175400 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Facebook Update"="c:\users\Monte\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2011-03-25 58544]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-11-08 296096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
    "Z1"="c:\users\Monte\Downloads\mbar-1.01.0.1009\mbar\mbar.exe" [2012-11-08 1341800]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-12-8 6144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-11-06 13:33 2356088 ------w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
    2011-03-25 17:13 4863152 ----a-w- c:\program files\BOINC\boincmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-03-31 12:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-04 03:22 133104 ----atw- c:\users\Monte\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    2007-02-15 11:59 118784 ------w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-11-08 02:16 296096 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 09:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 02:07]
    .
    2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001Core.job
    - c:\users\Monte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 22:55]
    .
    2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001UA.job
    - c:\users\Monte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 22:55]
    .
    2012-11-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 12:08]
    .
    2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 04:12]
    .
    2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 04:12]
    .
    2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001Core.job
    - c:\users\Monte\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 03:22]
    .
    2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001UA.job
    - c:\users\Monte\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 03:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Monte\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\Monte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-11-07 21:17; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2009-07-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-48938144.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-18 17:54
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(752)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'Explorer.exe'(12096)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-11-18 17:56:51
    ComboFix-quarantined-files.txt 2012-11-18 22:56
    .
    Pre-Run: 123,295,268,864 bytes free
    Post-Run: 123,366,649,856 bytes free
    .
    - - End Of File - - 4B246F2C4163FFBFEED9C255AEBD3B41
  11. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Looks good.

    How is computer doing?

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. naime

    naime TS Rookie Topic Starter Posts: 16

    So far so good. Again, thanks for walking me through all these steps. Onward to OTL now.
  13. Broni

    Broni Malware Annihilator Posts: 46,743   +254

  14. naime

    naime TS Rookie Topic Starter Posts: 16

    OTL Extras logfile created on: 11/18/2012 6:17:21 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monte\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.03% Memory free
    6.20 Gb Paging File | 4.44 Gb Available in Paging File | 71.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.56 Gb Total Space | 114.96 Gb Free Space | 25.23% Space Free | Partition Type: NTFS
    Drive D: | 10.20 Gb Total Space | 1.40 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
    Drive E: | 498.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MONTE-PC | User Name: Monte | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0289694E-EF7F-4E54-96C0-D6A07A437021}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
    "{3E81CE06-8576-49DE-A50A-27D2F8B096D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6F1B374E-9592-43E8-A65E-180F62869BEA}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{8C6D7C25-43C4-4A7A-9693-0F1A1BE4A03F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
    "{B527D68B-512C-4BA8-92D7-6827D63C95B7}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{D048B4DA-F889-47F7-A4A8-DDFA75F5BB93}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{EFD9F8DF-E787-47E2-B486-6411F0435B8A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{FAFD50FC-BB1C-4D17-837B-BF8826D278A5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004E0223-12F1-4CE2-BCC7-4EEB960145E1}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{010549FF-05CD-4607-922A-B8B3380B8ED6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
    "{01F61B64-7462-4D07-A675-1307DC7EDC54}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{05FBAEB9-F369-46EE-A755-A3515DBBAC74}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{069F6BE2-C5E7-458B-8D89-E8EA1C9570EC}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{06CF2BAE-8650-4BC9-AAD3-9156B5ED01AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{0B69BE76-6CD2-413B-8311-6BDD1042E43E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{10B5BAA6-2A6E-45F8-B6E0-63CBAE1453B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{13B9F24F-0580-4605-AB38-B87AD6B775DD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{13CFFE87-8FA2-4C85-A02D-03D629E500A7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
    "{14F7589F-7EF1-436F-80F3-C2335690BF00}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{18201677-00DF-44DA-BD95-0BC07B1E4696}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
    "{19AEE5FA-66AC-4CC9-92D5-F81E1AA521AA}" = protocol=17 | dir=in | app=c:\users\monte\appdata\local\mediaget2\mediaget.exe |
    "{1DD285B7-5068-495C-B970-152F1DE4F275}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{2FA7D4C1-D92E-4699-9652-CBEBB51DF858}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{308F2D24-3A28-45C5-91D9-29EADF63E3D3}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{373E46CE-6528-4DDC-8523-55B27DB95718}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{3AEB45CC-E761-4FBF-BCA1-1451EBD27990}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{3D3CB17B-C2E1-4A08-B209-BC2EF8AB3C99}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{3DBE536D-C92A-4408-AE17-5D093D0131C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
    "{440F7F10-6549-40A7-95E3-B0719C52ED2A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
    "{480F4280-9CE6-4BD0-986A-4736C12A2EFA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{4886C4CB-BF6C-4F9B-8969-0F537E0E3268}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{49C10461-69E0-41A8-B20C-DE39035E492B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduomp.exe |
    "{509A62C8-CB37-4E64-A7A6-907E5D6FE5CC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{582A0BAE-54DD-493B-AAEE-64CE3B28F2A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{659E69A9-6431-419D-A69C-DCA4F50BA279}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{65B25357-BCD2-44A8-B32B-2B5477D30CAB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{66827376-3424-44E1-B8D1-190D5214DFE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe |
    "{68F3FDAA-FA00-4702-823F-1D036E575976}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe |
    "{6AE0991C-807B-4C8C-900D-4BFE01FFCFC0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{6D308669-147E-48BB-B847-02D8F87C8689}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{6F5ADD6B-760E-4019-AAD8-06CA3FB2AADA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{70AE6279-DB12-43DD-A440-2B865041C340}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{755094FD-96CA-4203-8B8F-C15B234DC2B7}" = dir=in | app=c:\users\monte\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{76C16046-6BEB-4D5C-9B4C-E2A18FB0BC51}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{76D73AD3-527A-46EC-B9AE-A9578B4FCED1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{781FD774-4B51-411C-AB79-5D653D1FB614}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe |
    "{7EECCA74-8492-4D72-B22F-C5392AF26BD4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduomp.exe |
    "{845E0D95-B450-4437-9C98-EE2148091ED4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{8756076E-F3A9-4723-B417-79A176C14A8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduosp.exe |
    "{898C08EC-A8B6-4D5A-889E-E9AF73895674}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{90036550-93BB-46E6-A5AB-99C54AC721EC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{9267D8E2-33BD-4379-8A3D-74D6661A3224}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
    "{94D79194-AAA1-4EB4-97AA-6C59948380CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{9568078D-B653-42C5-9612-3649DDB37C69}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{9FFB8CD3-D298-4538-99C3-87ACE5529F2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A00381EB-E883-41A0-B5AC-DF968618D804}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{A1EA4092-35AC-477D-A9BE-AA2F721A71A3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{A427B2CD-68D5-480D-A751-6A39737D61D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
    "{A73DA383-9079-4031-8061-986F0E0B27EC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{A8294207-3187-4611-81C2-22F9410C7FC5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{A8585883-02E5-4DFB-B5D5-5585D0460CD1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2sp_s.exe |
    "{B44C9BCA-77BE-41D9-8618-561707FBC027}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{B4F7D109-112E-4277-BBC0-C6A8D3A4304E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
    "{B663C20F-97F0-443B-93CA-B144B31D9472}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{B6FFC567-97D9-4E60-8E1D-553058BF965F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
    "{B894F433-191A-48DE-A11F-F5779F42EA76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{B95A3828-1FFF-468F-98C9-73C06B6B6EDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{BA67FDEB-93B9-48B9-A0F1-9331B7B7DFB3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{BACC2AE8-8B50-40BA-8FCD-F95CFEE2622D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BD96FE19-2B02-4CE0-9D3F-99508AA1F36B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{C177B34E-087D-4066-BF63-12F9FBA23667}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{C2EB3810-21EA-4210-ABA4-98CBDA771E40}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codmp.exe |
    "{C7FA5E9E-F598-469A-A23C-FA6ED9F51D2B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\codsp.exe |
    "{C9CEFDD7-D190-42C6-A60A-BED2C7D917E6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D12B0DFE-23C7-4A6F-8AD7-2E54541E098A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{D29D731E-2BD9-4C5C-9A9D-F38A7F4FA073}" = protocol=6 | dir=in | app=c:\users\monte\appdata\local\mediaget2\mediaget.exe |
    "{D59F1A44-5B2E-48E8-B682-ACC964A62FD4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 2\cod2mp_s.exe |
    "{DCC7B258-CAA8-48A4-9034-2D8DE56DFFA9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{DF919AA7-D889-4615-B89D-60687A2789B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii\pc\mafia2.exe |
    "{E053479D-A9EB-4C5C-B39A-7C87BEE5AC47}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
    "{E4A78C1B-A69F-4976-8ED9-75201EBB321E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E5509B41-39B8-4E3C-84E4-5A5532230AC1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty\coduosp.exe |
    "{EAEF9030-3A61-4F4C-B4B6-4FBF7F631CE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{EAF231B4-9B3C-4A76-9464-D3D01E100EEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F01A05E8-A911-48D4-830B-D7BA331F6B44}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{F244C8ED-FC1E-427B-B3BA-1A050506F12C}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{F268FD95-E904-4086-A04A-48564AC10B19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
    "{F60973B3-793B-430C-9AAF-92C4772A2E1C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{F6DBECB8-D446-4085-A2FC-3F7C37EA2CA0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{FBCDBDDA-23F8-4126-A8BC-CDFD107D6531}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{FC89EF9C-0EBB-4909-AFEE-D4FAAAB6EE1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{FE31007C-3A35-4415-8DFB-DC1E3247FB1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii\pc\mafia2.exe |
    "{FEEA221E-4B98-4EEB-A6E4-F1E182258EE3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09DCDF59-BA26-4C45-941E-F16B50A7DDCE}" = Wolfram Mathematica Player
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1998E7BC-1C7D-4AE5-B942-87BE0AF37FE0}" = BOINC
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{30AB2FCD-FBF2-4bed-1111-13E6A1418622}_is1" = GiliSoft DVD Region+CSS Decryption 2.1
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
    "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9BCAC864-84C0-409F-8D12-364109622D18}_is1" = Europa Barbarorum 1.1
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CBFE7B86-D51D-4F69-84DD-61E2392CD42A}" = Didger 3
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}" = Microsoft DirectX SDK (August 2007)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE983D56-28C6-4E5D-A146-8A8339B9CC1F}" = Lizardtech Express View Browser Plug-in
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.3.1 Standard
    "Adobe Acrobat 8 Standard_831" = Adobe Acrobat 8.3.1 - CPSID_83708
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Age of Mythology 1.0" = Age of Mythology
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
    "AudioCS" = Creative Audio Control Panel
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "conduitEngine" = Conduit Engine
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties" = Creative Sound Blaster Properties
    "Easy DVD Clone" = Easy DVD Clone
    "EB Documentation_is1" = EB Documentation 1.1
    "EB Trivial Script_is1" = EB Trivial Script 0.125
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Free Studio_is1" = Free Studio version 5.6.3.706
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "Graboid Video" = Graboid Video 1.73
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "IrfanView" = IrfanView (remove only)
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "Mozilla Thunderbird 16.0.1 (x86 en-US)" = Mozilla Thunderbird 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "N360" = Norton 360 Premier Edition
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Picasa 3" = Picasa 3
    "Populous: The Beginning" = Populous: The Beginning
    "PROSet" = Intel(R) Network Connections Drivers
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 15.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 10500" = Empire: Total War
    "Steam App 12120" = Grand Theft Auto: San Andreas
    "Steam App 12900" = Audiosurf
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 2620" = Call of Duty
    "Steam App 2630" = Call of Duty 2
    "Steam App 2640" = Call of Duty: United Offensive
    "Steam App 34030" = Napoleon: Total War
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 4700" = Medieval II: Total War
    "Steam App 4760" = Rome: Total War Gold Edition
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "Steam App 50130" = Mafia II
    "Steam App 550" = Left 4 Dead 2
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "Steam App 6060" = Star Wars - Battlefront II
    "TurboTax 2011" = TurboTax 2011
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.8
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WildTangent hp Master Uninstall" = My HP Games
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "Xfire" = Xfire (remove only)
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GeoMapApp" = GeoMapApp
    "Google Chrome" = Google Chrome
    "Hegemony City States" = Hegemony City States
    "MediaGet" = MediaGet
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2012 3:35:30 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1008
    Description =

    Error - 11/8/2012 10:45:18 PM | Computer Name = Monte-PC | Source = Application Error | ID = 1000
    Description = Faulting application RomeTW.exe, version 1.0.0.0, time stamp 0x438afb5a,
    faulting module RomeTW.exe, version 1.0.0.0, time stamp 0x438afb5a, exception code
    0xc0000005, fault offset 0x0067b2bb, process id 0x2b50, application start time 0x01cdbe1ebe0bb8e0.

    Error - 11/11/2012 10:59:57 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1010
    Description =

    Error - 11/11/2012 10:59:58 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1008
    Description =

    Error - 11/13/2012 12:35:54 AM | Computer Name = Monte-PC | Source = Perflib | ID = 1010
    Description =

    Error - 11/13/2012 12:35:54 AM | Computer Name = Monte-PC | Source = Perflib | ID = 1008
    Description =

    Error - 11/14/2012 5:12:05 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1010
    Description =

    Error - 11/14/2012 5:12:06 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1008
    Description =

    Error - 11/15/2012 6:29:07 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1010
    Description =

    Error - 11/15/2012 6:29:07 PM | Computer Name = Monte-PC | Source = Perflib | ID = 1008
    Description =

    [ Media Center Events ]
    Error - 5/24/2008 12:12:59 PM | Computer Name = Monte-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/26/2008 8:06:31 AM | Computer Name = Monte-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/30/2008 3:34:14 PM | Computer Name = Monte-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 8/28/2008 9:49:30 AM | Computer Name = Monte-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 12/20/2008 9:48:55 PM | Computer Name = Monte-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 210
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 2/28/2009 4:14:28 PM | Computer Name = Monte-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/14/2012 4:04:43 AM | Computer Name = Monte-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/14/2012 4:44:31 AM | Computer Name = Monte-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/14/2012 4:44:55 AM | Computer Name = Monte-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/15/2012 3:55:02 AM | Computer Name = Monte-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 11/17/2012 4:06:09 AM | Computer Name = Monte-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 11/18/2012 7:09:09 AM | Computer Name = Monte-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 11/18/2012 6:42:37 PM | Computer Name = Monte-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 11/18/2012 6:42:40 PM | Computer Name = Monte-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/18/2012 6:49:33 PM | Computer Name = Monte-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/18/2012 6:54:29 PM | Computer Name = Monte-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
  15. naime (TS Rookie, Topic Starter, Posts: 16)

    OTL logfile created on: 11/18/2012 6:17:21 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monte\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.03% Memory free
    6.20 Gb Paging File | 4.44 Gb Available in Paging File | 71.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.56 Gb Total Space | 114.96 Gb Free Space | 25.23% Space Free | Partition Type: NTFS
    Drive D: | 10.20 Gb Total Space | 1.40 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
    Drive E: | 498.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MONTE-PC | User Name: Monte | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/18 18:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monte\Desktop\OTL.exe
    PRC - [2012/11/07 21:16:31 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
    PRC - [2012/10/02 17:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/02 14:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/10/02 14:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\ccsvchst.exe
    PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/06 15:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/03/25 12:13:32 | 000,058,544 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/06/02 17:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/06/02 17:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2012/11/09 14:55:10 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/11/07 21:07:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/27 14:11:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/02 17:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
    SRV - [2012/02/06 15:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/08/31 19:35:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/06/10 06:35:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/06/02 15:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2010/03/13 01:29:16 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
    SRV - [2010/01/27 11:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/06/02 17:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
    SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
    SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
    SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
    SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
    SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
    SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Monte\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Monte\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/10/23 18:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/10/02 17:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/09/12 20:45:25 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/12 20:45:24 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121117.005\NAVENG.SYS -- (NAVENG)
    DRV - [2012/09/06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121116.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/08/08 22:15:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/08 22:15:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
    DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
    DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
    DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
    DRV - [2012/03/23 16:39:44 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/01/18 01:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2012/01/18 01:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/11/16 22:37:59 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)
    DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
    DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
    DRV - [2010/10/17 11:30:06 | 000,025,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\DVDHelp.sys -- (DVDHelp)
    DRV - [2010/06/02 15:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/01/27 11:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/27 11:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2009/10/30 22:59:02 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys -- (mvd20)
    DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2009/06/03 13:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2009/06/03 13:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
    DRV - [2009/06/03 13:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2009/06/03 13:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2009/06/03 13:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2009/06/03 13:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
    DRV - [2009/06/03 13:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2009/06/03 13:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV - [2009/06/03 13:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV - [2009/06/03 13:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV - [2009/06/03 13:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV - [2009/06/03 13:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV - [2009/06/03 13:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
    DRV - [2009/04/21 13:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/01/14 23:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2007/09/07 06:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc)
    DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
    IE - HKLM\..\SearchScopes\{29CE7A66-ED2A-4281-9839-859F2E761BB5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{3A8119AD-0154-4DFD-B19A-28A7F752C3FF}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect.search.aol.com...cationType=tb50-ie-elections-chromesbox-en-us
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7
    IE - HKLM\..\SearchScopes\{4A6759C9-AF05-4D99-853A-8CE25FA5DB08}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW4&o=&src=crm&q={searchTerms}&locale=
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{3A8119AD-0154-4DFD-B19A-28A7F752C3FF}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect.search.aol.com...cationType=tb50-ie-elections-chromesbox-en-us
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{4A6759C9-AF05-4D99-853A-8CE25FA5DB08}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=XFvqwgKO7mS3-DT-dthvffHq4WM?q={searchTerms}
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
    FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9
    FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: njvwzmlukh@njvwzmlukh.org:2.5
    FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
    FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.16.0.3
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
    FF - prefs.js..extensions.enabledAddons: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z013&form=ZGAADF&q="
    FF - prefs.js..network.proxy.type: 0
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Monte\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Monte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Monte\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Monte\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Monte\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Monte\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/07 21:17:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/23 16:40:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/11/14 03:47:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/07 21:17:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:11:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 21:18:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/12 07:05:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/11/07 21:18:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Monte\AppData\Roaming\Move Networks [2009/12/08 19:56:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:11:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/07 21:18:03 | 000,000,000 | ---D | M]

    [2010/07/08 06:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Extensions
    [2010/02/25 00:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/08/09 17:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/11/15 13:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions
    [2010/08/05 14:02:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/10/02 15:52:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/08/14 17:50:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/11/06 16:16:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/11/06 16:16:53 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2012/04/01 17:49:11 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\DeviceDetection@logitech.com
    [2011/03/23 16:56:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\engine@conduit.com
    [2008/01/19 00:49:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\njvwzmlukh@njvwzmlukh.org.xpi
    [2012/08/24 20:17:20 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/11/15 13:55:37 | 000,328,449 | ---- | M] () (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
    [2011/10/29 10:11:03 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2010/10/15 07:53:01 | 000,002,427 | ---- | M] () -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\askcom.xml
    [2011/03/11 23:55:02 | 000,001,919 | ---- | M] () -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\bing-zugo.xml
    [2012/10/27 14:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/27 14:11:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/10/27 14:11:05 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2007/03/03 04:10:10 | 000,741,376 | ---- | M] (Lizardtech Software) -- C:\Program Files\mozilla firefox\plugins\npexview.dll
    [2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/11/07 21:16:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2012/08/29 16:12:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 07:39:04 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  16. naime


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Monte\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Monte\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Monte\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Express View (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npexview.dll
    CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Monte\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Monte\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Monte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Monte\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
    CHR - Extension: Gmail = C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012/11/18 17:54:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001..\Run: [Facebook Update] C:\Users\Monte\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - HKLM..\RunOnce: [Z1] C:\Users\Monte\Downloads\mbar-1.01.0.1009\mbar\mbar.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Monte\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Monte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Ranges: GD ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005\..Trusted Ranges: Range1 ([http] in )
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.yorkphoto.com/YorkActivia.cab (Snapfish Activia)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1230483963631 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254084723854 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EC6BF36-DCC7-4E96-BE29-4C5E64DCB0C2}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Monte\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Monte\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/11 06:42:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [1999/11/29 09:33:10 | 000,013,038 | R--- | M] () - E:\automenu.apm -- [ CDFS ]
    O32 - AutoRun File - [1999/02/02 21:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - E:\automenu.exe -- [ CDFS ]
    O32 - AutoRun File - [1999/11/24 08:53:44 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
    O32 - AutoRun File - [1999/11/29 07:15:04 | 000,012,496 | R--- | M] () - E:\autorun.apm -- [ CDFS ]
    O32 - AutoRun File - [1998/10/06 14:02:02 | 000,086,528 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [1999/11/29 07:18:22 | 000,000,030 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [1998/10/14 11:00:06 | 000,009,369 | R--- | M] () - E:\autorun.tre -- [ CDFS ]
    O32 - AutoRun File - [1996/11/07 12:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
    O32 - AutoRun File - [1999/10/07 13:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
    O32 - AutoRun File - [1999/02/02 21:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [1999/04/15 09:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/18 18:16:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monte\Desktop\OTL.exe
    [2012/11/18 17:55:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/18 17:39:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/18 17:39:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/18 17:39:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/18 17:33:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/18 17:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/18 17:29:19 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Monte\Desktop\ComboFix.exe
    [2012/11/18 14:50:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Monte\Desktop\aswMBR.exe
    [2012/11/18 14:46:56 | 000,000,000 | ---D | C] -- C:\Users\Monte\Desktop\RK_Quarantine
    [2012/11/07 21:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/11/07 21:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2012/10/27 14:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/18 18:20:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/18 18:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monte\Desktop\OTL.exe
    [2012/11/18 18:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001UA.job
    [2012/11/18 18:04:58 | 000,019,203 | ---- | M] () -- C:\Users\Monte\Desktop\Combofix.text
    [2012/11/18 17:54:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/11/18 17:46:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 17:46:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 17:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/18 17:29:33 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Monte\Desktop\ComboFix.exe
    [2012/11/18 17:13:52 | 000,000,512 | ---- | M] () -- C:\Users\Monte\Desktop\MBR.dat
    [2012/11/18 16:00:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001UA.job
    [2012/11/18 14:51:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Monte\Desktop\aswMBR.exe
    [2012/11/18 14:46:39 | 000,729,088 | ---- | M] () -- C:\Users\Monte\Desktop\winlogon.com.exe
    [2012/11/18 12:47:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/11/18 08:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/17 23:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001Core.job
    [2012/11/17 19:00:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3865680156-4124916260-4070375899-1001Core.job
    [2012/11/17 13:29:26 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/11/17 13:29:26 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/14 06:46:46 | 000,000,900 | ---- | M] () -- C:\Users\Monte\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/11/14 03:46:52 | 002,583,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/11/14 03:46:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/14 03:44:57 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/14 03:43:53 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000003-00001102-00000005-60031102}.rfx
    [2012/11/14 03:43:53 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-00000003-00001102-00000005-60031102}.rfx
    [2012/11/14 03:43:53 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-00000003-00001102-00000005-60031102}.rfx
    [2012/11/09 20:03:06 | 000,508,438 | ---- | M] () -- C:\Users\Monte\Desktop\DSCN0096.JPG
    [2012/11/08 22:40:58 | 000,002,044 | ---- | M] () -- C:\Users\Monte\Desktop\Google Chrome.lnk
    [2012/11/08 22:40:58 | 000,002,006 | ---- | M] () -- C:\Users\Monte\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/11/07 21:17:45 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/11/07 21:16:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2012/11/07 21:13:39 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/11/07 20:57:24 | 000,092,382 | ---- | M] () -- C:\Users\Monte\Desktop\RYAN SAT ENTRANCE TICKET.pdf
    [2012/10/28 12:55:00 | 000,049,016 | ---- | M] () -- C:\Users\Monte\Desktop\this-is-true-16-3.jpg
    [2012/10/20 22:00:03 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/18 18:04:58 | 000,019,203 | ---- | C] () -- C:\Users\Monte\Desktop\Combofix.text
    [2012/11/18 17:39:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/18 17:39:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/18 17:39:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/18 17:39:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/18 17:39:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/18 17:13:52 | 000,000,512 | ---- | C] () -- C:\Users\Monte\Desktop\MBR.dat
    [2012/11/18 14:46:32 | 000,729,088 | ---- | C] () -- C:\Users\Monte\Desktop\winlogon.com.exe
    [2012/11/09 20:01:56 | 000,508,438 | ---- | C] () -- C:\Users\Monte\Desktop\DSCN0096.JPG
    [2012/11/07 21:17:45 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/11/07 21:13:39 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/11/07 21:13:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/11/07 20:57:24 | 000,092,382 | ---- | C] () -- C:\Users\Monte\Desktop\RYAN SAT ENTRANCE TICKET.pdf
    [2012/10/28 12:55:00 | 000,049,016 | ---- | C] () -- C:\Users\Monte\Desktop\this-is-true-16-3.jpg
    [2012/06/25 22:50:43 | 000,000,032 | ---- | C] () -- C:\Users\Monte\jagex_cl_runescape_LIVE.dat
    [2012/04/01 12:10:12 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/10/13 15:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2011/08/13 15:52:52 | 000,000,032 | R--- | C] () -- C:\Users\Monte\hash.dat
    [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/07/26 01:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/05/18 15:52:48 | 000,001,940 | ---- | C] () -- C:\Users\Monte\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/22 16:23:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/11 23:54:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/03/11 23:54:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/05/27 15:17:07 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/05/27 06:21:14 | 000,077,043 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/05/03 18:54:09 | 000,000,000 | ---- | C] () -- C:\Users\Monte\jagex__preferences3.dat
    [2010/05/03 18:54:08 | 000,000,117 | ---- | C] () -- C:\Users\Monte\jagex_runescape_preferences2.dat
    [2010/05/03 18:52:58 | 000,000,046 | ---- | C] () -- C:\Users\Monte\jagex_runescape_preferences.dat
    [2010/02/25 12:01:18 | 000,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater.rbt
    [2009/11/30 14:04:16 | 000,024,206 | ---- | C] () -- C:\Users\Monte\AppData\Roaming\UserTile.png
    [2009/08/24 16:21:20 | 000,002,722 | ---- | C] () -- C:\Users\Monte\.recently-used.xbel
    [2009/08/11 13:50:23 | 000,000,206 | ---- | C] () -- C:\Users\Monte\AppData\Roaming\wklnhst.dat
    [2009/05/29 07:39:03 | 000,000,122 | ---- | C] () -- C:\Users\Monte\webct_upload_applet.properties
    [2009/04/10 08:56:24 | 000,413,996 | ---- | C] () -- C:\Users\Monte\AppData\Local\rx_image.Cache
    [2009/04/08 23:28:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/03/11 20:08:57 | 000,000,373 | ---- | C] () -- C:\Users\Monte\Documents - Shortcut.lnk
    [2008/04/10 21:54:12 | 000,000,030 | ---- | C] () -- C:\Users\Monte\.geomapapp-home
    [2008/04/10 21:35:47 | 000,001,100 | ---- | C] () -- C:\Users\Monte\AppData\Local\d3d8caps.dat
    [2008/03/30 18:43:09 | 000,022,328 | ---- | C] () -- C:\Users\Monte\AppData\Roaming\PnkBstrK.sys
    [2008/01/14 18:20:08 | 000,001,356 | ---- | C] () -- C:\Users\Monte\AppData\Local\d3d9caps.dat
    [2007/12/20 22:19:10 | 000,028,672 | ---- | C] () -- C:\Users\Monte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2008/01/20 20:03:31 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\acccore
    [2012/09/19 17:17:45 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Azureus
    [2008/03/05 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Downloaded Installations
    [2012/09/16 20:44:00 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\DVDVideoSoft
    [2012/08/14 17:50:19 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\DVDVideoSoftIEHelpers
    [2009/10/08 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\FreeVideoConverter
    [2010/05/24 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\GARMIN
    [2010/02/06 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\GetRightToGo
    [2010/10/17 11:29:59 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\GiliSoft
    [2009/08/24 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\gtk-2.0
    [2008/11/19 09:05:08 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\IObit
    [2012/05/30 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\IrfanView
    [2012/02/12 11:58:11 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Leadertech
    [2012/05/20 12:53:21 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Media Get LLC
    [2009/09/26 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\muvee Technologies
    [2009/11/30 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\PeerNetworking
    [2011/06/16 13:05:13 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Red Alert 3
    [2011/09/01 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Registry Mechanic
    [2009/01/28 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\SanDisk
    [2010/12/23 07:10:41 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Snapfish
    [2009/04/08 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\SSH
    [2009/08/11 13:50:25 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Template
    [2012/06/14 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\The Creative Assembly
    [2010/02/25 00:05:49 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Thunderbird
    [2011/05/24 19:51:44 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Tific
    [2007/12/20 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\WildTangent
    [2008/03/06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:411E1BE2
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0

    < End of report >
  17. naime

    naime TS Rookie Topic Starter Posts: 16

    Had trouble posting it all in one message.
  18. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..extensions.enabledAddons: njvwzmlukh@njvwzmlukh.org:2.5
      FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
      [2008/01/19 00:49:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\njvwzmlukh@njvwzmlukh.org.xpi
      [2010/10/15 07:53:01 | 000,002,427 | ---- | M] () -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\askcom.xml
      [2011/03/11 23:55:02 | 000,001,919 | ---- | M] () -- C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\bing-zugo.xml
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
      [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
      CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1001\..Trusted Ranges: GD ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3865680156-4124916260-4070375899-1005\..Trusted Ranges: Range1 ([http] in )
      O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
      [2011/09/01 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Monte\AppData\Roaming\Registry Mechanic
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:411E1BE2
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  19. naime

    naime TS Rookie Topic Starter Posts: 16

    My computer froze before I could run the new OTL scan. I was forced to reboot. Should I continue in Safe Mode?
  20. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Go ahead.
  21. naime

    naime TS Rookie Topic Starter Posts: 16

    So far so good. I am about to launch the last scan, the ESET online scanner. I checked "Scan archives". However, "Remove found threats" is also checked. Should I uncheck it or leave it as is?
  22. naime

    naime TS Rookie Topic Starter Posts: 16

    All scans completed except for the ESET online scan, as I await an answer to the question I posted.


    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: njvwzmlukh@njvwzmlukh.org:2.5 removed from extensions.enabledAddons
    Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
    C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\njvwzmlukh@njvwzmlukh.org.xpi moved successfully.
    C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\askcom.xml moved successfully.
    C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
    File C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3865680156-4124916260-4070375899-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 not found.
    Starting removal of ActiveX control {493ACF15-5CD9-4474-82A6-91670C3DD66E}
    C:\Windows\Downloaded Program Files\ContactFinderControl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{493ACF15-5CD9-4474-82A6-91670C3DD66E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{493ACF15-5CD9-4474-82A6-91670C3DD66E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{493ACF15-5CD9-4474-82A6-91670C3DD66E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{493ACF15-5CD9-4474-82A6-91670C3DD66E}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Users\Monte\AppData\Roaming\Registry Mechanic folder moved successfully.
    ADS C:\ProgramData\TEMP:411E1BE2 deleted successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:7838B9E0 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 804 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 85405624 bytes
    ->Flash cache emptied: 705 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Monte
    ->Temp folder emptied: 42180371 bytes
    ->Temporary Internet Files folder emptied: 1253700 bytes
    ->Java cache emptied: 25665428 bytes
    ->FireFox cache emptied: 61591064 bytes
    ->Google Chrome cache emptied: 40280379 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 542 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 529 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 245.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: Default

    User: IUSR_NMPR

    User: Monte
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Monte
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11182012_193429


    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.54
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton 360 Premier Edition
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java 7 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    Adobe Flash Player 11.5.502.110
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    Mozilla Thunderbird (16.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 09-11-2012
    Ran by Monte (administrator) on 18-11-2012 at 19:50:03
    Running from "C:\Users\Monte\Desktop"
    Windows Vista (TM) Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    ATTENTION!=====> local policy on IP:
    Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
    Vlue: "ActivePolicy"
    Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{af2c2b66-f1e3-4f05-b948-35670e05cc46}"


    Windows Firewall:
    =============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-10 06:13] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    # AdwCleaner v2.008 - Logfile created 11/18/2012 at 19:51:47
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Monte - MONTE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Monte\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Viewpoint Manager Service

    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\ConduitEngine
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Program Files\Vuze_Remote
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Monte\AppData\Local\Conduit
    Folder Deleted : C:\Users\Monte\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Monte\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Monte\AppData\LocalLow\Viewpoint
    Folder Deleted : C:\Users\Monte\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\Conduit
    Folder Deleted : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\ConduitEngine
    Folder Deleted : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\CT2504091
    Folder Deleted : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Deleted : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\engine@conduit.com

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AF4343C-3D72-4BED-ACA8-9F5E884912F0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53EE659B-70A5-46FE-8777-B7D5817BD8AB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701643ED-AF9F-4788-BF32-618CDBE8D821}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98C0D567-7B11-40C9-83AA-09A73D641CA4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AF4343C-3D72-4BED-ACA8-9F5E884912F0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\Software
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\Vuze_Remote
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\prefs.js

    C:\Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\user.js ... Deleted !

    Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
    Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
    Deleted : user_pref("CT2504091.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.CurrentServerDate", "19-11-2012");
    Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Sat Nov 17 2012 20:52:45 GMT-0500 (Eastern Standa[...]
    Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Sun Jan 23 2011 19:35:43 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
    Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Sun Jan 23 2011 19:11:47 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Sun Jan 23 2011 19:11:47 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
    Deleted : user_pref("CT2504091.FirstServerDate", "21-1-2011");
    Deleted : user_pref("CT2504091.FirstTime", true);
    Deleted : user_pref("CT2504091.FirstTimeFF3", true);
    Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2504091.Initialize", true);
    Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
    Deleted : user_pref("CT2504091.InstalledDate", "Thu Jan 20 2011 17:02:29 GMT-0500 (Eastern Standard Time)");
    Deleted : user_pref("CT2504091.IsGrouping", false);
    Deleted : user_pref("CT2504091.IsMulticommunity", false);
    Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Nov 18 2012 17:11:36 GMT-0500 (Eastern Standar[...]
    Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2504091.LastLogin_2.7.2.0", "Sun Jan 23 2011 19:11:47 GMT-0500 (Eastern Standard Time)"[...]
    Deleted : user_pref("CT2504091.LastLogin_3.12.2.3", "Sun Jun 03 2012 10:35:21 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Sun Jul 22 2012 16:22:10 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Fri Aug 24 2012 20:28:29 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Tue Nov 06 2012 14:03:51 GMT-0500 (Eastern Standard Time)[...]
    Deleted : user_pref("CT2504091.LastLogin_3.16.0.3", "Sun Nov 18 2012 18:39:13 GMT-0500 (Eastern Standard Time)[...]
    Deleted : user_pref("CT2504091.LatestVersion", "3.16.0.3");
    Deleted : user_pref("CT2504091.Locale", "en-us");
    Deleted : user_pref("CT2504091.LoginCache", 4);
    Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
    Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Nov 18 2012 17:11:36 GMT-0500 (Eastern Stand[...]
    Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2504091.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Nov 18 2012 17:11:36 GMT-0500 (Eastern Standard [...]
    Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Sun Nov 18 2012 19:09:09 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("CT2504091.SettingsLastUpdate", "1352140971");
    Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Jan 20 2011 17:02:28 GMT-0500 (Eastern Sta[...]
    Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
    Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2504091.UserID", "UN07068434322501804");
    Deleted : user_pref("CT2504091.alertChannelId", "897164");
    Deleted : user_pref("CT2504091.clientLogIsEnabled", true);
    Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2504091.initDone", true);
    Deleted : user_pref("CT2504091.myStuffEnabled", true);
    Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2504091.revertSettingsEnabled", false);
    Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2504091.testingCtid", "");
    Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sun Nov 18 2012 17:11:36 GMT-0500 (Eastern S[...]
    Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2504091.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,ConduitEngine");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 17:56:27 GMT-04[...]
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 04 2011 08:56:23 GMT-0400 (Easte[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 04 2011 08:56:15 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "2abdd007-deff-4bbe-b3e1-95aa53da6630");
    Deleted : user_pref("CommunityToolbar.globalUserId", "83fdaf88-d4f5-4df3-8155-19f24489694a");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jul 27 2011 17:20:27 GMT-0400 (Eastern Dayl[...]
    Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
    Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Aug 02 2011 16:07:21 GMT-0400 (Eastern Da[...]
    Deleted : user_pref("ConduitEngine.FirstServerDate", "03/24/2011 00");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 23 2011 17:56:28 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Aug 04 2011 08:56:15 GMT-0400 (Eastern Day[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Aug 04 2011 08:56:15 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Aug 04 2011 08:56:15 GMT-0400 (Eastern Dayligh[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN64214927854559757");
    Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Aug 04 2011 08:56:15 GMT-0400 (Easte[...]
    Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Aug 04 2011 20:56:13 GMT-0400 (East[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    Deleted : user_pref("ConduitEngine.usagesFlag", 2);

    Profile name : default
    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7z1684x2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [21887 octets] - [18/11/2012 19:51:47]

    ########## EOF - C:\AdwCleaner[S1].txt - [21948 octets] ##########
  23. naime

    naime TS Rookie Topic Starter Posts: 16

    Results of ESET scan. Nothing was deleted.

    C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\background.html Win32/BHO.OEI trojan
    C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\ContentScript.js Win32/BHO.OEI trojan
    C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011].zip HTML/ScrInject.B.Gen virus
    C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011]\Password.html HTML/ScrInject.B.Gen virus
    C:\Users\Monte\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
    C:\Users\Monte\Downloads\musicoasis.exe probably a variant of Win32/InstallIQ application
    C:\Users\Monte\Downloads\Xvid-Setup-dm-9.exe Win32/Toolbar.Zugo application
    C:\_OTL\MovedFiles\11182012_193429\C_Users\Monte\AppData\Roaming\Mozilla\Firefox\Profiles\cahndjyu.default\extensions\njvwzmlukh@njvwzmlukh.org.xpi JS/Redirector.NCA trojan
  24. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Why?
    You changed Eset settings.
    Why?
    We'll use OTL to remove them.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Files
      C:\Users\Monte\Downloads\Xvid-Setup-dm-9.exe
      C:\Users\Monte\Downloads\musicoasis.exe
      C:\Users\Monte\Downloads\CouponPrinter.exe
      C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011]\Password.html
      C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011].zip
      C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\ContentScript.js
      C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\background.html
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ======================================

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =====================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  25. naime

    naime TS Rookie Topic Starter Posts: 16

    Broni,

    Can't thank you enough for carrying me through all these different steps to clean up my computer. Everything appears to be running fine. I will follow all your weekly recommendations.

    All processes killed
    ========== OTL ==========
    ========== FILES ==========
    C:\Users\Monte\Downloads\Xvid-Setup-dm-9.exe moved successfully.
    C:\Users\Monte\Downloads\musicoasis.exe moved successfully.
    C:\Users\Monte\Downloads\CouponPrinter.exe moved successfully.
    C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011]\Password.html moved successfully.
    C:\Users\Monte\Desktop\Ryan Music\Lil Wayne - Carter 4 [2011].zip moved successfully.
    C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\ContentScript.js moved successfully.
    C:\Users\Monte\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjdedcgfdbgddddjdidededadjdf\background.html moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Monte
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 666165 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 60492982 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1994 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 58.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: Default

    User: IUSR_NMPR

    User: Monte
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Monte
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11192012_211247

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

