TechSpot

IC8D1A13...infection

Solved
By randy
Jul 12, 2012
  1. randy

    randy TS Rookie Topic Starter Posts: 79

    AVG back up and running... firewalls activated... BUT the same window popped up in the middle of the screen while programs were loading after reboot (AVG was installed): backdoor trojan threat detected..????

    I have to quit for the night, Broni.. sorry man, and thanks for your continued support and putting up with me..
  2. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Not a problem.
    I need to know what exact file and in what location is indicated by AVG.
  3. randy

    randy TS Rookie Topic Starter Posts: 79

    I will get that to you tonight..
  4. randy

    randy TS Rookie Topic Starter Posts: 79

    C:\windows\system32\mrv6x32p.dll

    Going to run the last program you gave me last night now.
  5. randy

    randy TS Rookie Topic Starter Posts: 79

    OTL logfile created on: 7/20/2012 5:22:02 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Randy Enns\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.77% Memory free
    3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.86% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 138.80 Gb Total Space | 105.40 Gb Free Space | 75.94% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 7.95 Gb Free Space | 79.44% Space Free | Partition Type: NTFS

    Computer Name: RANDY | User Name: Randy Enns | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/20 17:19:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
    PRC - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/10 13:04:48 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/10/12 09:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 23:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 09:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 09:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/06/01 13:28:14 | 001,545,144 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    PRC - [2010/09/06 14:23:52 | 000,542,064 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/02 03:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2006/08/02 03:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/08/02 03:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006/05/19 14:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
    PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2006/03/02 02:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2006/02/07 19:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/08/16 14:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    PRC - [2005/06/01 00:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 23:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/08/27 11:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/10 13:04:59 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
    MOD - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    MOD - [2012/07/10 13:04:48 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/09/27 09:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 09:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/04 19:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/08/02 03:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2006/08/02 03:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2006/06/23 16:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    MOD - [2005/11/23 17:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
    MOD - [2004/09/09 19:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\Everio MediaBrowser 3\pxl_m17n_tool.dll
    MOD - [2004/07/20 20:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2.dll -- (ZDCNDIS5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symndis.dll -- (YahooAUService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (X10UIF)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_fltr.dll -- (WmXlCore)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zd1211u(zydas).dll -- (winpower)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viamraid.dll -- (websenseclientdeployservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zunenetworksvc.dll -- (wcontrol)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetdhcp.dll -- (w810bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regmon701.dll -- (w300mdm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (vxsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (UxTuneUp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (UVCFTR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525mdm.dll -- (usbcm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Si3132r5.dll -- (ufad-ws60)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (tunnelguardservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ndisipo.dll -- (TPECioCtl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (tomcatcws3)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uiusys.dll -- (tb2launch)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tiwlnsvc.dll -- (ssmdrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acpiec.dll -- (ssm_mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbohci.dll -- (ss_bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnshay.dll -- (sqlagent$soshome22)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SDdriver.dll -- (sqlagent$sony_mediamgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (SNTIE)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\artourservice.dll -- (SiSRaid2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (se58mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smsmdd.dll -- (se58bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w300mdfl.dll -- (se44mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (se44bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MR97310_USB_DUAL_CAMERA.dll -- (sdhelper)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpcnet.dll -- (s616obex)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616nd5.dll -- (s616mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FreeTdi.dll -- (s116bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2hib.dll -- (roxupnprenderer)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awservice.dll -- (rnadirectory)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RadProbe.dll -- (REVOSENS)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msftesql.dll -- (REVO)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rdnaoflsvc.dll -- (retroexplauncher)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symredrv.dll -- (raysatxsi5_0server)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbpvr.dll -- (RapiMgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecamserver.dll -- (qbposdbservices)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HabuFltr.dll -- (ps2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWSAP.dll -- (procdd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (PID_08A0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_fltr.dll -- (pdlnemap)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (pdlncfwk)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshasp.dll -- (parallel)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll -- (oracle_load_balancer_60_client-forms6ip9)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mdfl.dll -- (obvious)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042mou.dll -- (mwstick)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NMSSvc.dll -- (mwssched)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\delldmi.dll -- (mssql$microsoftsmlbiz)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqarray.dll -- (MSMQ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtport.dll -- (MSICPL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (mrvw245)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epgspooler.dll -- (mozyFilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\haspnt.dll -- (mclogmanagerservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsbus.dll -- (mcdetect.exe)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\syslogd.dll -- (McciCMService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LRMINIPORT.dll -- (mcafeeframework)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (lxct_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sentinelprotectionserver.dll -- (lgsnd_filter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicconfigsvc.dll -- (KR10N)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525mdfl.dll -- (kodakccs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\V0070VID.dll -- (kerbkey)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtfilter.dll -- (k750bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z800mdm.dll -- (JRAID)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaD10BA.dll -- (igniteservice.exe)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgsvcgen.dll -- (iaimfp4)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SlNtHal.dll -- (hwpsgt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IntuitUpdateService.dll -- (hnmsvc)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UBHelper.dll -- (gdihook5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slssvc.dll -- (FINEPIX_PCC)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PD0620VID.dll -- (dphost)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetTcpActivator.dll -- (dot4ufd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\defragfs.dll -- (d-link_st3402)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecalertserver.dll -- (Defrag32b)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usb20l.dll -- (datunidr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\savscan.dll -- (cvspydr2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\splitter.dll -- (cpqfws2e)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmudau.dll -- (cpqdfw)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mdm.dll -- (ccalib8)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpntsrv.dll -- (captureservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccproxy.dll -- (btwdins)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTL8023xp.dll -- (btkrnl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiSRaid.dll -- (btfirst)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (BoiHwsetup)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (backupexecalertserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonywbms.dll -- (avinitnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsndres.dll -- (ATMsrvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (amfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vds.dll -- (adihdaudaddservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (adfs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (aamqdispatcher)
    SRV - [2012/07/17 17:35:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/12 09:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/10/07 12:30:28 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/08/02 09:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/02/23 13:55:56 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe -- (GoToAssist Express Customer)
    SRV - [2006/02/07 19:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/07 09:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 09:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 09:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 09:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 04:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 04:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/07/11 04:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/05/10 10:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/08/06 00:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2007/04/03 00:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2006/08/02 04:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/05/30 19:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2006/05/04 18:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/12/12 20:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/11/29 21:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/06/01 14:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=107&systemid=2&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 12 05 11 4A 64 CB 01 [binary data]
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=913FF6F9-1C2E-4E95-86B6-EF77640CFA6D
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...786bf9d4bd1&lang=en&ds=AVG&pr=fr&d=2012-01-25 08:47:18&v=11.1.0.12&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=107&systemid=2&q={searchTerms}
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{F87677B9-16BF-4098-8031-ED3F0C7DE392}: "URL" = http://search.avg.com/?d=4d537ace&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{F901F1B7-8A11-4814-9AD0-980571FEE566}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://canuckscorner.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 13:05:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:35:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/12 16:00:35 | 000,000,000 | ---D | M]

    [2011/08/05 20:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Extensions
    [2010/10/25 20:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/07/16 11:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions
    [2010/05/26 23:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/07/16 11:44:52 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/08/05 20:28:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    [2010/10/29 08:11:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml
    [2010/02/24 11:05:27 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\bing.xml
    [2011/08/05 20:27:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\SearchResults.xml
    [2012/07/12 16:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/22 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/10 13:05:11 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.12
    [2011/07/25 16:47:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/07/17 17:35:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/07/25 16:47:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/10 13:04:35 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/09/23 13:30:07 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/07/12 16:00:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/08/05 20:27:48 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    [2012/07/12 16:00:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/19 21:56:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor 3.lnk = C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{762FBD51-8777-4DD8-B6E4-C3C9D20C54D2}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Randy Enns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Randy Enns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/29 18:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/20 17:19:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
    [2012/07/19 22:26:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/07/19 21:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/07/19 20:31:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/07/19 20:29:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/19 20:29:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/19 20:29:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/19 20:29:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/19 20:13:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/19 20:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/19 19:55:15 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Randy Enns\Desktop\ComboFix.exe
    [2012/07/18 23:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Desktop\compfix
    [2012/07/18 21:01:05 | 000,000,000 | ---D | C] -- C:\Avenger
    [2012/07/18 20:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Application Data\Malwarebytes
    [2012/07/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/07/18 20:15:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/07/18 20:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/14 21:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
    [2012/07/14 16:12:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Randy Enns\Recent
    [2012/07/12 22:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums_files
    [2012/07/12 16:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/07/12 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/07/11 14:07:20 | 000,000,000 | ---D | C] -- C:\3359bb307089d46d58a69cb8
    [2012/07/11 14:06:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/11 13:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\AVG Secure Search
    [2012/07/07 11:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Application Data\AVG Secure Search
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/20 17:29:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/07/20 17:19:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
    [2012/07/20 17:08:54 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/07/20 17:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/20 17:08:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
    [2012/07/20 17:06:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/20 17:06:41 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/20 12:11:36 | 101,781,069 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/07/19 21:56:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/19 20:32:01 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/07/19 19:55:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Randy Enns\Desktop\ComboFix.exe
    [2012/07/18 20:15:55 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 12:45:39 | 000,445,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/07/16 12:45:39 | 000,073,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/07/14 20:18:46 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\cdrescue.vbs
    [2012/07/12 22:28:59 | 000,094,028 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums.htm
    [2012/07/12 16:02:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/12 13:20:52 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/07/12 13:09:24 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/07/11 18:48:00 | 000,312,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/07/07 16:47:11 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\bobo.bmp
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/19 21:54:33 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/19 20:32:01 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2012/07/19 20:31:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/07/19 20:29:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/19 20:29:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/19 20:29:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/19 20:29:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/19 20:29:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/18 20:15:55 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/14 20:18:46 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\cdrescue.vbs
    [2012/07/12 22:28:58 | 000,094,028 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums.htm
    [2012/07/12 16:00:36 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/07 16:47:07 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\bobo.bmp
    [2012/04/07 19:10:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/12 11:40:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2008/12/29 20:39:49 | 000,258,348 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\rx_image32.Cache
    [2008/05/20 20:46:41 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Application Data\sdi.db
    [2008/01/12 23:06:59 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/04/25 12:02:40 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/14 11:47:09 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========
     
  6. randy

    randy TS Rookie Topic Starter Posts: 79

    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
    [2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
    [2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
    [2012/07/12 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/01/25 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2012/01/25 11:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/07/24 18:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/08/16 18:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/02/10 00:41:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/09/04 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
    [2012/04/07 18:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/07/20 12:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/10/15 11:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2011/03/31 18:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Print2RDP Client
    [2011/07/25 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2008/12/29 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/07/24 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
    [2008/12/29 20:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2011/08/16 18:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{309C802B-A076-4563-B164-B62C0C145153}
    [2011/02/11 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/26 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser.RANDY\Application Data\toshiba
    [2008/12/27 19:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\585Soft
    [2012/07/07 11:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG Secure Search
    [2012/01/25 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG2012
    [2011/07/25 16:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\BabylonToolbar
    [2011/07/25 16:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\bsbandmltbpi
    [2009/06/26 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Citrix
    [2011/01/01 22:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\FrostWire
    [2012/03/18 14:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\ICAClient
    [2009/05/12 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\InterVideo
    [2011/12/12 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\mediabarbs
    [2007/02/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\MSNInstaller
    [2011/07/25 16:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\OpenCandy
    [2007/02/13 23:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Opera
    [2008/12/27 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\RhinoSoft.com
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\toshiba
    [2010/11/09 20:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Uniblue
    [2010/12/03 22:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Windows Live Writer
    [2007/02/18 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\MSNInstaller
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\toshiba
    [2012/01/25 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG Secure Search
    [2012/01/25 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG2012
    [2011/09/23 13:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\Babylon
    [2011/09/08 12:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\BabylonToolbar
    [2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\bsbandmltbpi
    [2012/03/16 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\FrostWire
    [2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\mediabarbs
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\toshiba
    [2012/07/20 17:08:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
    [2012/07/20 17:29:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream

    < End of report >
     
  7. randy

    randy TS Rookie Topic Starter Posts: 79

there is not a file named extras.text, and an error message popped up:

    win32error code 1500
    event log file is corrupted
     
  8. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
      PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      [2010/10/29 08:11:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - Startup: C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk = File not found
      O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
      [2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
• Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE: If ESET doesn't find any threats, it won't produce any log.
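The :OTL fix list above was built by reading the report for leftovers: registry entries whose file or CLSID no longer exists, and a service that auto-starts a DLL which is gone. As an added example (not OTL's code or anything from the thread), this Python helper applies the same reading to OTL log lines; the sample lines are copied from the report posted above, and the function and constant names are this example's own.

```python
"""Triage OTL (OldTimer's List-It) report lines for orphaned or unsigned entries.

Added example, independent of the OTL tool. It flags what a removal helper
looks for when building a fix list: entries whose target no longer exists
("File not found", "No CLSID value found.", "Reg Error"), plus autostart
entries that carry no company name in their version info, which need a
human decision rather than automatic removal.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Markers OTL prints when the referenced object is gone or unreadable.
MISSING_FILE = "File not found"
MISSING_CLSID = "No CLSID value found."
REG_ERROR = "Reg Error:"

# Sections describing code loaded at boot/logon or into the browser.
AUTOSTART_SECTIONS = {"SRV", "O2", "O3", "O4", "O20"}

REASON_MISSING_SERVICE = "service points to a missing file"
REASON_MISSING_FILE = "entry points to a missing file"
REASON_ORPHAN_CLSID = "CLSID is no longer registered"
REASON_REG_ERROR = "registry key is broken or missing"
REASON_NO_PUBLISHER = "autostart without company name in version info"

# OTL ends each file entry with "(Company Name)"; "()" means none recorded.
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")
SECTION_RE = re.compile(r"\s*(O\d+|SRV|PRC|MOD|DRV|FF|IE|CHR)\b")


@dataclass(frozen=True)
class Finding:
    section: str   # OTL section tag, e.g. "O4" or "SRV"
    reason: str    # one of the REASON_* constants
    line: str      # the original report line, as OTL expects it in a fix list


def section_of(line: str) -> Optional[str]:
    """Return the OTL section tag, or None for file listings and blank lines."""
    m = SECTION_RE.match(line)
    return m.group(1) if m else None


def publisher_of(line: str) -> Optional[str]:
    """Company name from the trailing parentheses; "" when OTL printed '()'."""
    m = PUBLISHER_RE.search(line)
    return m.group("publisher").strip() if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Classify one report line; None means nothing noteworthy."""
    sec = section_of(line)
    if sec is None:
        return None
    text = line.strip()
    if MISSING_CLSID in text:
        return Finding(sec, REASON_ORPHAN_CLSID, text)
    if MISSING_FILE in text:
        reason = REASON_MISSING_SERVICE if sec == "SRV" else REASON_MISSING_FILE
        return Finding(sec, reason, text)
    if REG_ERROR in text:
        return Finding(sec, REASON_REG_ERROR, text)
    if sec in AUTOSTART_SECTIONS and publisher_of(text) == "":
        return Finding(sec, REASON_NO_PUBLISHER, text)
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over every line of a report, keeping report order."""
    return [f for f in map(triage_line, report.splitlines()) if f is not None]


def fix_candidates(report: str) -> List[str]:
    """Lines safe to propose for an :OTL fix list: orphaned/broken entries only.
    Unsigned-but-present autostarts are left for a human to judge."""
    return [f.line for f in triage(report) if f.reason != REASON_NO_PUBLISHER]


# Lines copied from the OTL report posted in this thread (not constructed).
SAMPLE_REPORT = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O1 - Hosts: 127.0.0.1 localhost
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.section:<4} {f.reason}: {f.line}")
```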
     
  9. randy

    randy TS Rookie Topic Starter Posts: 79

OTL Run Fix takes a long time, I can't tell if it's running
     
  10. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Stop it. Restart in safe mode and run it from there.
     
  11. randy

    randy TS Rookie Topic Starter Posts: 79

Everything is frozen. Ctrl-Alt-Delete is not even working
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Restart manually to safe mode.
     
  13. randy

    randy TS Rookie Topic Starter Posts: 79

    I should have pasted your code to my desktop...
     
  14. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    I'm not sure what you're saying.
     
  15. randy

    randy TS Rookie Topic Starter Posts: 79

Lost the copy & paste code and had no internet to retrieve it, so now I connected normally and copied the code to the desktop so I can put it in OTL and click Run Fix
     
  16. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Yes, but restart to safe mode and run the fix from there.
     
  17. randy

    randy TS Rookie Topic Starter Posts: 79

Lost the copy & paste code and had no internet to retrieve it, so now I connected normally and copied the code to the desktop so I can put it in OTL and click Run Fix
     
  18. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Read my previous reply.
     
  19. randy

    randy TS Rookie Topic Starter Posts: 79

    All processes killed
    ========== OTL ==========
    Service superproserver stopped successfully!
    Service superproserver deleted successfully!
    File %systemroot%\system32\MRV6X32P.dll not found.
    No active process named Updater.exe was found!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\131C folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\1A399 folder moved successfully.
    ADS C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream deleted successfully.
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LogMeInRemoteUser.RANDY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 27621 bytes
    ->Flash cache emptied: 15571 bytes

    User: Randy Enns
    ->Temp folder emptied: 20427808 bytes
    ->Temporary Internet Files folder emptied: 755301 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 75541954 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2185 bytes

    User: Tana
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Tana Lynn
    ->Temp folder emptied: 1190419 bytes
    ->Temporary Internet Files folder emptied: 1264013 bytes
    ->Java cache emptied: 6058897 bytes
    ->FireFox cache emptied: 94665085 bytes
    ->Flash cache emptied: 96726 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68875 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 191.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.RANDY

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Randy Enns
    ->Java cache emptied: 0 bytes

    User: Tana

    User: Tana Lynn
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.RANDY

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Randy Enns
    ->Flash cache emptied: 0 bytes

    User: Tana

    User: Tana Lynn
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07202012_205126

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  20. randy

    randy TS Rookie Topic Starter Posts: 79

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.0
    CCleaner (remove only)
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  21. randy

    randy TS Rookie Topic Starter Posts: 79

    Farbar Service Scanner Version: 19-07-2012
    Ran by Randy Enns (administrator) on 20-07-2012 at 21:04:52
    Running from "C:\Documents and Settings\Randy Enns\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(9) fssfltr(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
    0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
     
  22. randy

    randy TS Rookie Topic Starter Posts: 79

    On ESET, the timer is running but "files scanned" isn't increasing...
     
  23. Broni

    Broni Malware Annihilator Posts: 48,043   +271

    Be patient.
     
  24. randy

    randy TS Rookie Topic Starter Posts: 79

  25. randy

    randy TS Rookie Topic Starter Posts: 79

    C:\Documents and Settings\Randy Enns\Application Data\OpenCandy\OpenCandy_1198725F1E3F46B0A8223DEE8E9FDA34\registrybooster(1).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\Desktop\computerprograms\noadware.exe multiple threats cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\Desktop\Tana\Tana Lynn\My Documents\FlvPlayerSetup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent(2).exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Tana Lynn\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_22.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_36.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_4.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_84.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_32.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_34.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_39.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_75.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_13.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_30.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_80.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_88.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting (after the next restart) - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133144.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133145.exe multiple threats cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133146.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133147.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133148.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133149.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133150.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133151.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133152.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133153.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133154.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133155.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133156.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133157.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133158.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133159.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133160.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133161.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133162.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133163.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133164.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133165.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133166.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133167.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    Operating memory a variant of Win32/Toolbar.SearchSuite application



    *I think it said 50 of 51 fixed
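
    Added example, not part of the thread and not ESET's own tooling: a small Python triage of an ESET Online Scanner text export like the one posted above. It assumes the export keeps the one-entry-per-line "target, detection, action" shape seen in that post; the sample lines below are copied from the log above (abbreviated to ten of the 51 entries). It separates restore-point copies under System Volume Information from live files, lists what is still pending a restart, and reports which entry carries no "cleaned" action. In the posted log that is the single "Operating memory" SearchSuite entry, which matches the "50 of 51" count reported above and is why the pending-restart deletion matters.

```python
"""Triage an ESET Online Scanner text export (added example, not ESET code)."""
import re
from collections import Counter

# Sample lines copied from the ESET log in the thread above (abbreviated).
# Assumption: every line of the export has the shape
#   "<target> <detection> [cleaned by deleting[ (after the next restart)] - quarantined]"
ESET_LOG = r"""
C:\Documents and Settings\Randy Enns\Application Data\OpenCandy\OpenCandy_1198725F1E3F46B0A8223DEE8E9FDA34\registrybooster(1).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Randy Enns\Desktop\computerprograms\noadware.exe multiple threats cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133144.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133153.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
Operating memory a variant of Win32/Toolbar.SearchSuite application
"""

# Lazy target so the match stops at the first "Win32/... application" or
# "multiple threats" phrase; the action block is optional because an entry
# that was not cleaned has nothing after the detection name.
_LINE = re.compile(
    r"^(?P<target>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?Win32/\S+ application|multiple threats)"
    r"(?: (?P<action>cleaned by deleting(?: \(after the next restart\))?) - quarantined)?$"
)
_RESTORE_DIR = r"\system volume information\_restore"


def parse_eset_log(text):
    """Return one dict per log line; raise on a line the expected shape cannot explain."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError("unrecognised ESET log line: %r" % line)
        detection = m.group("detection")
        family = re.search(r"Win32/\S+", detection)
        action = m.group("action")
        target = m.group("target")
        entries.append({
            "target": target,
            "family": family.group(0) if family else detection,
            "cleaned": action is not None,
            "needs_restart": bool(action and "after the next restart" in action),
            # Files under System Volume Information are restore-point snapshots,
            # not code the running system loads; they matter only if that
            # restore point is ever applied.
            "in_restore_point": _RESTORE_DIR in target.lower(),
            "in_memory": target == "Operating memory",
        })
    return entries


def triage(entries):
    """Aggregate parsed entries into the figures a responder would report back."""
    live = [e for e in entries if not e["in_restore_point"]]
    return {
        "total": len(entries),
        "cleaned": sum(e["cleaned"] for e in entries),
        "not_cleaned": [e["target"] for e in entries if not e["cleaned"]],
        "pending_restart": [e["target"] for e in entries if e["needs_restart"]],
        "restore_point_copies": len(entries) - len(live),
        "live_by_family": Counter(e["family"] for e in live),
    }


if __name__ == "__main__":
    summary = triage(parse_eset_log(ESET_LOG))
    print("%d of %d entries cleaned" % (summary["cleaned"], summary["total"]))
    print("not cleaned:", summary["not_cleaned"])
    print("pending restart:", summary["pending_restart"])
    print("restore-point copies:", summary["restore_point_copies"])
    for family, count in summary["live_by_family"].most_common():
        print("  live %-32s %d" % (family, count))
```

    Run it against the full exported ESETScan.txt by reading that file into parse_eset_log instead of the embedded sample. A line the regex rejects is raised rather than skipped on purpose: a silently dropped entry is exactly the kind of thing that turns a "50 of 51" into "all clean".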
     

