Laptop running painfully slow

Solved
By mikeyj67
Jan 19, 2013
  1. Laptop started running very slow the past couple of days. Norton and Mbam do not find anything in their scans. Do you think I am infected based on the logs?



    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.18.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Johnson :: JOHNSON-77F3B3C [administrator]

    1/18/2013 5:45:54 PM
    mbam-log-2013-01-18 (17-45-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224446
    Time elapsed: 15 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)








    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
    Run by Johnson at 17:48:06 on 2013-01-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.808 [GMT -7:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
    C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Conexant\SmartAudio\SmAudio.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\PdaNet for Android\PdaNetPC.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = ;192.168.*.*
    BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Google Update] "c:\documents and settings\johnson\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Nike+ Connect] "c:\documents and settings\johnson\local settings\application data\nike\nike+ connect\Nike+ Connect daemon.exe"
    uRun: [Updater21804.exe] c:\documents and settings\johnson\local settings\application data\updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SmAudio] c:\program files\conexant\smartaudio\SmAudio.exe -c
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NWEReboot] <no file>
    StartupFolder: c:\docume~1\johnson\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357792319234
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE} : DHCPNameServer = 192.168.0.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\
    FF - prefs.js: browser.startup.homepage - comcast.net/a
    FF - plugin: c:\documents and settings\johnson\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2013-01-13 18:45; extension21804@extension21804.com; c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
    FF - ExtSQL: 2013-01-13 19:13; wecarereminder@bryan; c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\extensions\wecarereminder@bryan
    FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-9-13 299280]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-2 132056]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.11.20\ccSvcHst.exe [2011-8-31 126392]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-2-24 1294904]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-2-24 656440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20130117.001\IDSXpx86.sys [2013-1-17 373728]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-18 40776]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20130118.007\NAVENG.SYS [2013-1-18 93296]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20130118.007\NAVEX15.SYS [2013-1-18 1603824]
    R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
    R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-12-10 13312]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9e338756ac4d8;Google Update Service (gupdate1c9e338756ac4d8);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-12 80184]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-8-13 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-2-24 25856]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
    S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2007-6-7 148056]
    S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [2007-9-20 9728]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-11-24 9472]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-12 181432]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-24 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-12-5 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-12-5 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-12-5 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-12-5 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-12-5 25704]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2013-01-19 00:45:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-18 20:03:41 -------- d-----w- C:\N360_BACKUP
    2013-01-14 01:45:33 -------- d-----w- c:\documents and settings\johnson\local settings\application data\Updater21804
    2013-01-14 01:44:42 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
    2013-01-14 01:44:23 -------- d-----w- c:\program files\Coupon Companion Plugin
    2013-01-10 18:27:45 -------- d-sh--w- c:\documents and settings\johnson\IETldCache
    2013-01-10 05:50:59 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-01-10 05:49:51 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2013-01-10 05:49:15 -------- d-----w- c:\windows\ie8updates
    2013-01-10 05:48:28 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2013-01-10 05:48:28 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2013-01-10 05:48:28 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2013-01-10 05:44:41 -------- dc-h--w- c:\windows\ie8
    2013-01-10 05:06:24 -------- d-----w- c:\windows\system32\winrm
    2013-01-10 05:06:20 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2013-01-10 05:01:53 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2013-01-10 05:01:53 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2013-01-10 05:01:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2013-01-10 05:01:53 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2013-01-10 05:01:53 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
    2013-01-10 05:01:53 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2013-01-10 05:01:53 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2013-01-10 05:01:53 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 16:46:37 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-09 16:46:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 16:46:31 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 18:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 17:50:56.78 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there, let's run the following:

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  3. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    # AdwCleaner v2.106 - Logfile created 01/19/2013 at 12:15:20
    # Updated 17/01/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Johnson - JOHNSON-77F3B3C
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Johnson\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\searchplugins\Askcom.xml
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
    Folder Deleted : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\wecarereminder@bryan

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\iWon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\prefs.js

    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1358127831);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", fal[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
    Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 4);
    Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1358127831");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1358127831");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Sat Jan 19 2013 1[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sun Jan 20 201[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358622266");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221357677761%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677915%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1358129719099");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22130781%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358129665118");
    Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
    Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
    Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "15");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sat Jan [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "F[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
    Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG=[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 6);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 12);
    Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 15);
    Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
    Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
    Deleted : user_pref("extensions.crossriderapp21804.bic", "1350d081d88acb86215598cfe049596a");
    Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
    Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1358129641);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22643667);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22643708);
    Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
    Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
    Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
    Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
    Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
    Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

    -\\ Google Chrome v24.0.1312.52

    File : C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [19827 octets] - [19/01/2013 12:10:17]
    AdwCleaner[S2].txt - [19845 octets] - [19/01/2013 12:15:20]

    ########## EOF - C:\AdwCleaner[S2].txt - [19906 octets] ##########
  4. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    Can't find MBR.dat








    ########## EOF - C:\AdwCleaner[S2].txt - [19906 octets] ##########









    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.5 (01.19.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Johnson on Sat 01/19/2013 at 20:14:43.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\smallfrogs studio



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Johnson\Application Data\pccustubinstaller"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\searchplugins\youtube-video-search.xml
    Successfully deleted the following from C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\prefs.js

    user_pref("extensions.crossrider.bic", "1350d081d88acb86215598cfe049596a");
    user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1358651063);
    user_pref("extensions.crossriderapp21804.21804.active", true);
    user_pref("extensions.crossriderapp21804.21804.addressbar", "");
    user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
    user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
    user_pref("extensions.crossriderapp21804.21804.backgroundver", 4);
    user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
    user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
    user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
    user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1358651063");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1358651063");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Sat Jan 19 2013 20:13:58 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sat Jan 26 2013 20:08:58 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358651642");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221357677761%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22100086%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22100086%
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677761%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22133177%22");
    user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358651336930");
    user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
    user_pref("extensions.crossriderapp21804.21804.domain", "");
    user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
    user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
    user_pref("extensions.crossriderapp21804.21804.group", 0);
    user_pref("extensions.crossriderapp21804.21804.homepage", "");
    user_pref("extensions.crossriderapp21804.21804.iframe", false);
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "15");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sun Jan 20 2013 02:04:25 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
    user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
    user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:
    user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
    user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
    user_pref("extensions.crossriderapp21804.21804.newtab", "");
    user_pref("extensions.crossriderapp21804.21804.opensearch", "");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(d){console.log(d)},fac
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 6);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * http://jquery.com/\n
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);}
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
    user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
    user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
    user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,22,72,1000014,28");
    user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    user_pref("extensions.crossriderapp21804.21804.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21804/plugins/087/ff/plugins.json");
    user_pref("extensions.crossriderapp21804.21804.pluginsversion", 12);
    user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
    user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
    user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
    user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
    user_pref("extensions.crossriderapp21804.21804.thankyou", "");
    user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
    user_pref("extensions.crossriderapp21804.21804.ver", 15);
    user_pref("extensions.crossriderapp21804.apps", "21804");
    user_pref("extensions.crossriderapp21804.bic", "1350d081d88acb86215598cfe049596a");
    user_pref("extensions.crossriderapp21804.cid", 21804);
    user_pref("extensions.crossriderapp21804.firstrun", false);
    user_pref("extensions.crossriderapp21804.hadappinstalled", true);
    user_pref("extensions.crossriderapp21804.installationdate", 1358651063);
    user_pref("extensions.crossriderapp21804.lastcheck", 22644184);
    user_pref("extensions.crossriderapp21804.lastcheckitem", 22644189);
    user_pref("extensions.crossriderapp21804.modetype", "production");
    user_pref("extensions.crossriderapp21804.reportInstall", true);
    user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
    Emptied folder: C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\minidumps [59 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/19/2013 at 20:27:01.92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-19 21:35:30
    -----------------------------
    21:35:30.843 OS Version: Windows 5.1.2600 Service Pack 3
    21:35:30.843 Number of processors: 2 586 0x301
    21:35:30.843 ComputerName: JOHNSON-77F3B3C UserName: Johnson
    21:35:32.859 Initialize success
    21:35:47.171 AVAST engine defs: 13011901
    21:36:10.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
    21:36:10.359 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
    21:36:10.390 Disk 0 MBR read successfully
    21:36:10.390 Disk 0 MBR scan
    21:36:10.453 Disk 0 Windows XP default MBR code
    21:36:10.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
    21:36:10.468 Disk 0 scanning sectors +625121280
    21:36:10.609 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:36:37.609 Service scanning
    21:37:17.187 Modules scanning
    21:37:38.187 AVAST engine scan C:\WINDOWS
    21:38:31.265 AVAST engine scan C:\WINDOWS\system32
    21:46:13.843 AVAST engine scan C:\WINDOWS\system32\drivers
    21:47:40.546 AVAST engine scan C:\Documents and Settings\Johnson
    22:09:49.515 AVAST engine scan C:\Documents and Settings\All Users
    22:28:28.671 Scan finished successfully
    22:42:09.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Johnson\Desktop\MBR.dat"
    22:42:09.406 The log file has been saved successfully to "C:\Documents and Settings\Johnson\Desktop\aswMBR.txt"
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  6. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    ComboFix 13-01-17.04 - Johnson 01/20/2013 15:56:45.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1720 [GMT -7:00]
    Running from: c:\documents and settings\Johnson\Desktop\Laptop Fix\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804\Updater21804.exe
    c:\documents and settings\Johnson\My Documents\~WRL0535.tmp
    c:\documents and settings\Johnson\My Documents\~WRL0821.tmp
    c:\documents and settings\Johnson\My Documents\~WRL2404.tmp
    c:\documents and settings\Johnson\My Documents\~WRL3040.tmp
    c:\documents and settings\Johnson\My Documents\~WRL3103.tmp
    c:\documents and settings\Johnson\My Documents\~WRL3107.tmp
    c:\documents and settings\Johnson\My Documents\~WRL3623.tmp
    c:\documents and settings\Johnson\My Documents\~WRL4007.tmp
    c:\documents and settings\Johnson\Recent\Thumbs.db
    c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-20 03:14 . 2013-01-20 03:14 -------- d-----w- c:\windows\ERUNT
    2013-01-20 02:43 . 2013-01-20 03:14 -------- d-----w- C:\JRT
    2013-01-19 00:45 . 2013-01-19 00:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-18 20:03 . 2013-01-18 20:03 -------- d-----w- C:\N360_BACKUP
    2013-01-14 01:45 . 2013-01-14 01:45 -------- d-----w- c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804
    2013-01-14 01:44 . 2013-01-20 23:05 -------- d-----w- c:\program files\Coupon Companion Plugin
    2013-01-10 18:27 . 2013-01-10 18:27 -------- d-sh--w- c:\documents and settings\Johnson\IETldCache
    2013-01-10 10:18 . 2013-01-10 10:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2013-01-10 05:50 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-01-10 05:49 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2013-01-10 05:48 . 2012-11-01 12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2013-01-10 05:48 . 2012-11-01 12:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2013-01-10 05:44 . 2013-01-10 05:48 -------- dc-h--w- c:\windows\ie8
    2013-01-10 05:06 . 2013-01-10 05:06 -------- d-----w- c:\windows\system32\winrm
    2013-01-10 05:06 . 2013-01-10 05:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2013-01-10 05:01 . 2012-11-01 12:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2013-01-10 05:01 . 2012-11-01 12:17 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2013-01-10 05:01 . 2012-11-01 00:34 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2013-01-10 05:01 . 2009-03-08 11:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2013-01-10 05:01 . 2009-03-08 11:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2013-01-10 05:01 . 2009-02-07 04:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
    2013-01-09 01:17 . 2013-01-09 19:43 -------- d-----w- c:\program files\Mozilla Thunderbird
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 16:46 . 2012-03-28 22:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-09 16:46 . 2011-07-26 02:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 16:46 . 2012-12-12 14:46 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-12-16 12:23 . 2004-08-04 07:56 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 23:49 . 2009-06-21 16:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25 . 2004-08-04 06:17 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 18:29 . 2012-11-08 18:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2004-08-04 07:56 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 12:17 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 00:35 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
    2013-01-19 06:05 . 2013-01-19 06:04 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_MonitoredFolder]
    @="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
    [HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
    2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_SynchronizationPending]
    @="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
    [HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
    2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_Synchronized]
    @="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
    [HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
    2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-09 94208]
    "Nike+ Connect"="c:\documents and settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-11-27 70656]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\Johnson\Start Menu\Programs\Startup\
    PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-12-10 473616]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-6 83360]
    MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [2012-9-4 56760]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-2-24 562232]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-01-23 14:58 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [10/31/2011 1:11 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [10/31/2011 1:11 PM 173176]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130111.001\BHDrvx86.sys [1/15/2013 11:23 AM 995488]
    R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [9/13/2012 9:35 PM 299280]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [10/31/2011 1:11 PM 485512]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [10/31/2011 1:11 PM 116784]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 2:00 PM 214896]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 1:11 PM 126400]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [9/2/2012 5:20 PM 132056]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 1:25 PM 87040]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe [8/31/2011 2:52 PM 126392]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2/24/2012 6:02 AM 1294904]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2/24/2012 6:02 AM 656440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/13/2012 8:31 PM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130118.001\IDSXpx86.sys [1/18/2013 6:05 PM 373728]
    R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [6/3/2008 8:30 AM 144672]
    R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [7/17/2008 4:01 PM 269760]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/10/2010 7:42 PM 13312]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 7:19 AM 15544]
    S2 gupdate1c9e338756ac4d8;Google Update Service (gupdate1c9e338756ac4d8);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2009 9:13 PM 133104]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/12/2012 7:22 PM 80184]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [8/13/2012 4:52 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 5:01 PM 21248]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/18/2013 5:45 PM 40776]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/24/2012 4:32 PM 25856]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [6/7/2007 4:00 PM 148056]
    S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [9/20/2007 2:59 PM 9728]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [11/24/2009 2:35 PM 9472]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/12/2012 7:22 PM 181432]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/24/2010 9:44 PM 11520]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [12/5/2012 7:00 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [12/5/2012 7:00 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [12/5/2012 7:00 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [12/5/2012 7:01 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [12/5/2012 7:01 PM 25704]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 16:46]
    .
    2013-01-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 05:15]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 04:13]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 04:13]
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core.job
    - c:\documents and settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 20:04]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA.job
    - c:\documents and settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 20:04]
    .
    2013-01-19 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2013-01-20 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2013-01-19 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2013-01-17 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
    - c:\program files\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-09-03 01:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = ;192.168.*.*
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\
    FF - ExtSQL: 2013-01-13 18:45; extension21804@extension21804.com; c:\documents and settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
    FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Updater21804.exe - c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804\Updater21804.exe
    HKLM-Run-NWEReboot - (no file)
    HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-20 18:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1200)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\CbFsNetRdr3.dll
    .
    - - - - - - - > 'explorer.exe'(3932)
    c:\windows\system32\WININET.dll
    c:\program files\NVIDIA Corporation\nView\nview.dll
    c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
    c:\program files\MiMedia LLC\MiMedia\sqlite3.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\CbFsNetRdr3.dll
    c:\program files\Common Files\Ahead\lib\MediaLibraryNSE.dll
    c:\program files\Common Files\Ahead\lib\MFC71U.DLL
    c:\windows\system32\nvwddi.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\qedit.dll
    c:\program files\Common Files\Ahead\DSFilter\NeVideo.ax
    c:\program files\Common Files\Ahead\lib\AdvrCntr2.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-20 18:25:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-21 01:25
    .
    Pre-Run: 269,793,783,808 bytes free
    Post-Run: 270,279,970,816 bytes free
    .
    - - End Of File - - B7FE83891869E7CC4CAF0B114336F8CA
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach the log.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  8. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Johnson [Admin rights]
    Mode : Scan -- Date : 01/21/2013 15:19:09

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1454471165-1383384898-682003330-1003[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A7B8F30)
    SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A7BAC10)
    SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A9B7660)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A9B84D0)
    SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A8A22B0)
    SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x889EAC50)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x889E9008)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A7ED8A8)
    SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A990A70)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A8B25D0)
    SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A9B5C00)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A7B60E0)
    SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A7B70C0)
    SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A8566B0)
    SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x889EAF70)
    SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A99E5C0)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A884138)
    SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A7B8560)
    SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A9A4890)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A8573E0)
    SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x889EA608)
    SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A7BE968)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7E2390)
    SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7DB7C8)
    SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x8A9A4998)
    SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A986C98)
    SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7D0CB0)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A7C0150)
    SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7D1600)
    SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A7E2468)
    SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A8D3458)
    S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A7AC950)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A82DE50)
    S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A7A6D90)
    S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89238630)
    S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AA9AFC0)
    S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89F5AAA0)
    S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A6E4700)
    S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8934F6F8)
    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A8D31A8)
    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A6E54E8)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9320320AS +++++
    --- User ---
    [MBR] 10ba8d301134e239f8024379f2e54387
    [BSP] e155bb5a4598d638674f82dd34d32b12 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01212013_02d1519.txt >>
    RKreport[1]_S_01212013_02d1519.txt



    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Johnson [Admin rights]
    Mode : Remove -- Date : 01/21/2013 15:22:55

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A7B8F30)
    SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A7BAC10)
    SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A9B7660)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A9B84D0)
    SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A8A22B0)
    SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x889EAC50)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x889E9008)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A7ED8A8)
    SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A990A70)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A8B25D0)
    SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A9B5C00)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A7B60E0)
    SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A7B70C0)
    SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A8566B0)
    SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x889EAF70)
    SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A99E5C0)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A884138)
    SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A7B8560)
    SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A9A4890)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A8573E0)
    SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x889EA608)
    SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A7BE968)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7E2390)
    SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7DB7C8)
    SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x8A9A4998)
    SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A986C98)
    SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7D0CB0)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A7C0150)
    SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7D1600)
    SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A7E2468)
    SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A8D3458)
    S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A7AC950)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A82DE50)
    S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A7A6D90)
    S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89238630)
    S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AA9AFC0)
    S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89F5AAA0)
    S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A6E4700)
    S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8934F6F8)
    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A8D31A8)
    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A6E54E8)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9320320AS +++++
    --- User ---
    [MBR] 10ba8d301134e239f8024379f2e54387
    [BSP] e155bb5a4598d638674f82dd34d32b12 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01212013_02d1522.txt >>
    RKreport[1]_S_01212013_02d1519.txt ; RKreport[2]_D_01212013_02d1522.txt





    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Johnson [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/21/2013 15:27:32

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 12 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 215 / Fail 0
    My documents: Success 18 / Fail 18
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 80 / Fail 9
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\Harddisk1\DP(1)0-0+3 -- 0x2 --> Restored

    Finished : << RKreport[3]_SC_01212013_02d1527.txt >>
    RKreport[1]_S_01212013_02d1519.txt ; RKreport[2]_D_01212013_02d1522.txt ; RKreport[3]_SC_01212013_02d1527.txt

  9. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    OTL logfile created on: 1/21/2013 3:29:30 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Johnson\Desktop\Laptop Fix
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.88% Memory free
    4.59 Gb Paging File | 3.83 Gb Available in Paging File | 83.46% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 251.78 Gb Free Space | 84.47% Space Free | Partition Type: NTFS

    Computer Name: JOHNSON-77F3B3C | User Name: Johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/21 14:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix\OTL.exe
    PRC - [2012/11/26 17:56:36 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    PRC - [2012/09/04 07:54:02 | 000,056,760 | ---- | M] (MiMedia LLC) -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
    PRC - [2012/08/24 07:23:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/07/03 12:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/02/24 06:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2012/02/24 06:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2012/02/24 06:02:26 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
    PRC - [2011/03/16 16:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
    PRC - [2010/11/17 11:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
    PRC - [2010/03/18 14:37:08 | 000,145,264 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buvss.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/24 14:37:36 | 003,495,240 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SMAUDIO.EXE
    PRC - [2005/09/09 12:26:06 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/09 22:41:38 | 002,405,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\93cb94f8a357f49b5da159a74425b77d\System.Web.Extensions.ni.dll
    MOD - [2013/01/09 22:41:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\610f66c312830e9aae20c0258b8603dd\System.Web.Abstractions.ni.dll
    MOD - [2013/01/09 22:41:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll
    MOD - [2013/01/09 22:41:17 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
    MOD - [2013/01/09 22:41:04 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
    MOD - [2013/01/09 22:40:44 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
    MOD - [2013/01/09 22:40:14 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
    MOD - [2013/01/09 22:38:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
    MOD - [2013/01/09 22:38:00 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll
    MOD - [2013/01/09 22:37:45 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll
    MOD - [2013/01/09 22:37:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll
    MOD - [2013/01/09 22:37:07 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\91442e74da926f6b2c33b5754014940d\System.IdentityModel.ni.dll
    MOD - [2013/01/09 22:32:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
    MOD - [2013/01/09 22:32:45 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
    MOD - [2013/01/09 22:32:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
    MOD - [2013/01/09 22:32:13 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
    MOD - [2013/01/09 22:32:06 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
    MOD - [2013/01/09 22:31:06 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
    MOD - [2013/01/09 22:30:58 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
    MOD - [2013/01/09 03:43:38 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2013/01/09 03:43:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2012/09/04 07:54:02 | 000,945,592 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_UI.dll
    MOD - [2012/09/04 07:54:02 | 000,910,776 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\System.Data.SQLite.dll
    MOD - [2012/09/04 07:54:02 | 000,453,560 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\sqlite3.dll
    MOD - [2012/09/04 07:54:02 | 000,243,640 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_DAL.dll
    MOD - [2012/09/04 07:54:02 | 000,105,912 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_Core.dll
    MOD - [2012/09/04 07:54:02 | 000,074,168 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_BLL.dll
    MOD - [2012/09/04 07:54:02 | 000,028,088 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_OS.dll
    MOD - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2010/11/17 11:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
    MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
    MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
    MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/01/18 23:05:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/09 09:46:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/24 07:23:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/07/03 12:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/02/24 06:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/02/24 06:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
    SRV - [2011/03/16 16:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Johnson\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
    DRV - [2013/01/18 17:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2013/01/16 08:09:35 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130120.018\NAVEX15.SYS -- (NAVEX15)
    DRV - [2013/01/16 08:09:34 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130120.018\NAVENG.SYS -- (NAVENG)
    DRV - [2012/10/23 16:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130111.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130118.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2012/08/08 21:01:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/08 21:01:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/05/25 22:18:32 | 000,299,280 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
    DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV - [2011/12/07 21:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2011/12/07 21:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
    DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
    DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
    DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2011/01/05 21:06:15 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/09/02 16:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
    DRV - [2010/06/22 17:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
    DRV - [2010/05/21 08:01:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
    DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
    DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
    DRV - [2010/04/05 22:23:10 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/04/05 22:23:10 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
    DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
    DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/02/13 12:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/08/25 02:22:00 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/08/01 10:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/08/01 10:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/07/17 16:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA004Vid.sys -- (OA004Vid)
    DRV - [2008/06/03 08:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA004Ufd.sys -- (OA004Ufd)
    DRV - [2008/04/27 09:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2008/04/22 06:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
    DRV - [2008/02/08 08:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2007/12/04 16:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/10/18 13:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/20 14:59:36 | 000,009,728 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\palmmdm.sys -- (palmmdm)
    DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/06/07 16:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA004Afx.sys -- (OA004Afx)
    DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/09/28 13:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
    DRV - [2003/11/30 19:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/"
    FF - prefs.js..extensions.enabledAddons: MulticolumnBookmarks%40Maxim.Kudimov:1.5
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\4.bin\NP2pEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/24 09:34:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2013/01/20 16:10:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/26 19:30:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:05:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 20:16:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 18:17:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/10 11:34:27 | 000,000,000 | ---D | M]
  10. mikeyj67

    [2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions
    [2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/07/07 08:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2013/01/19 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions
    [2012/10/03 10:21:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/22 17:40:30 | 000,000,000 | ---D | M] (Column Bookmarks FF3) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\ColumnBookmarksFF3@dischert.luc
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
    [2011/06/29 08:58:46 | 000,005,563 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\MulticolumnBookmarks@Maxim.Kudimov.xpi
    [2012/09/09 12:26:54 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/01/18 23:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/18 23:05:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/20 12:30:34 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2012/02/24 19:03:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/09/12 08:39:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/11 20:48:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/20 18:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiMedia.lnk = C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe (MiMedia LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Johnson\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357792319234 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Johnson/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/15 00:26:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\RK_Quarantine
    [2013/01/20 20:12:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/20 18:27:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\PrivacIE
    [2013/01/20 15:53:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/01/20 15:53:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/01/20 15:53:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/01/20 15:53:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/01/20 15:52:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/20 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix
    [2013/01/19 20:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/01/19 19:43:16 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/18 23:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/18 17:45:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/01/18 13:03:41 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2013/01/13 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Updater21804
    [2013/01/13 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
    [2013/01/12 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\My Documents\scienceposter
    [2013/01/11 09:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\basket
    [2013/01/10 11:27:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\IETldCache
    [2013/01/09 22:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2013/01/09 22:44:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2013/01/09 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2013/01/09 22:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2013/01/09 22:06:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2013/01/09 22:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
    [2013/01/09 22:01:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2013/01/09 21:59:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2013/01/09 21:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    [2013/01/09 21:58:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2013/01/08 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

    ========== Files - Modified Within 30 Days ==========

    [2013/01/21 15:26:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/21 15:24:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA.job
    [2013/01/21 14:58:15 | 000,020,063 | ---- | M] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
    [2013/01/21 14:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/21 12:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2013/01/21 07:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/21 03:24:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core.job
    [2013/01/20 20:57:44 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\PC Checkup 3 Weekly Scan.job
    [2013/01/20 20:19:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2013/01/20 18:24:54 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/01/20 18:14:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/01/20 18:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/20 16:33:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
    [2013/01/20 16:09:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/19 16:33:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
    [2013/01/19 16:33:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
    [2013/01/18 17:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/01/13 18:40:28 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Johnson\default.pls
    [2013/01/11 11:23:31 | 000,239,072 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
    [2013/01/11 08:25:17 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/11 08:25:16 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\Google Chrome.lnk
    [2013/01/10 11:27:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/09 23:00:50 | 000,524,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/09 23:00:50 | 000,095,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/09 22:51:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/09 12:47:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/07 20:48:37 | 000,023,985 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg

    ========== Files Created - No Company Name ==========

    [2013/01/21 14:58:14 | 000,020,063 | ---- | C] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
    [2013/01/20 15:53:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/01/20 15:53:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/01/20 15:53:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/01/20 15:53:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/01/20 15:53:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/01/11 11:23:31 | 000,239,072 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
    [2013/01/10 11:27:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/09 21:46:26 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2013/01/07 20:48:36 | 000,023,985 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg
    [2012/09/09 16:13:29 | 000,298,062 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1383384898-682003330-1003-0.dat
    [2012/09/02 21:52:07 | 000,173,974 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/06/28 18:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xscan.INI
    [2012/03/25 22:10:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/02/14 22:48:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/03 13:51:10 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/03 13:51:05 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/03 13:51:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/09/26 15:39:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/12 11:36:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/12/04 19:13:08 | 000,006,431 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Cabos.plist
    [2009/11/10 18:29:52 | 000,000,040 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2009/05/24 10:48:40 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 08:36:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\fusioncache.dat
    [2009/05/16 22:28:11 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Johnson\default.pls

    ========== ZeroAccess Check ==========

    [2009/05/15 20:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 04:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/22 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/12/03 12:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiMedia
    [2012/05/25 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
    [2012/01/12 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2009/11/10 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2012/03/15 08:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/12/23 20:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\.minecraft
    [2012/01/21 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Cabos
    [2011/07/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Catalina Marketing Corp
    [2010/11/16 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/26 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\DDMSettings
    [2012/03/06 21:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\FrostWire
    [2010/08/22 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\GARMIN
    [2012/03/26 08:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HotSync
    [2012/11/14 03:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC
    [2012/08/15 10:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/03/15 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\ImgBurn
    [2012/01/21 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\LimeWire
    [2012/02/24 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Motorola
    [2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\MP3Rocket
    [2012/09/12 19:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\OpenOffice.org
    [2012/01/01 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\redsn0w
    [2012/01/12 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Samsung
    [2012/05/09 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Seas0nPass
    [2012/02/13 17:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Sierra Wireless
    [2009/07/23 08:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Smith Micro
    [2010/09/28 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Thunderbird
    [2011/08/31 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Tific
    [2010/10/19 12:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\webex
    [2009/05/15 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Desktop Search
    [2009/05/15 20:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >
  11. mikeyj67

    [2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions
    [2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/07/07 08:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2013/01/19 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions
    [2012/10/03 10:21:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/22 17:40:30 | 000,000,000 | ---D | M] (Column Bookmarks FF3) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\ColumnBookmarksFF3@dischert.luc
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
    [2011/06/29 08:58:46 | 000,005,563 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\MulticolumnBookmarks@Maxim.Kudimov.xpi
    [2012/09/09 12:26:54 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/01/18 23:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/18 23:05:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/20 12:30:34 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2012/02/24 19:03:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/09/12 08:39:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/11 20:48:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/20 18:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiMedia.lnk = C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe (MiMedia LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Johnson\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357792319234 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Johnson/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/15 00:26:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\RK_Quarantine
    [2013/01/20 20:12:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/20 18:27:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\PrivacIE
    [2013/01/20 15:53:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/01/20 15:53:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/01/20 15:53:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/01/20 15:53:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/01/20 15:52:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/20 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix
    [2013/01/19 20:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/01/19 19:43:16 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/18 23:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/18 17:45:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/01/18 13:03:41 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2013/01/13 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Updater21804
    [2013/01/13 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
    [2013/01/12 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\My Documents\scienceposter
    [2013/01/11 09:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\basket
    [2013/01/10 11:27:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\IETldCache
    [2013/01/09 22:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2013/01/09 22:44:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2013/01/09 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2013/01/09 22:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2013/01/09 22:06:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2013/01/09 22:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
    [2013/01/09 22:01:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2013/01/09 21:59:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2013/01/09 21:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    [2013/01/09 21:58:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2013/01/08 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

    ========== Files - Modified Within 30 Days ==========

    [2013/01/21 15:26:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/21 15:24:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA.job
    [2013/01/21 14:58:15 | 000,020,063 | ---- | M] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
    [2013/01/21 14:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/21 12:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2013/01/21 07:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/21 03:24:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core.job
    [2013/01/20 20:57:44 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\PC Checkup 3 Weekly Scan.job
    [2013/01/20 20:19:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2013/01/20 18:24:54 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/01/20 18:14:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/01/20 18:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/20 16:33:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
    [2013/01/20 16:09:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/19 16:33:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
    [2013/01/19 16:33:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
    [2013/01/18 17:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/01/13 18:40:28 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Johnson\default.pls
    [2013/01/11 11:23:31 | 000,239,072 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
    [2013/01/11 08:25:17 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/11 08:25:16 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\Google Chrome.lnk
    [2013/01/10 11:27:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/09 23:00:50 | 000,524,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/09 23:00:50 | 000,095,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/09 22:51:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/09 12:47:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/07 20:48:37 | 000,023,985 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg

    ========== Files Created - No Company Name ==========

    [2013/01/21 14:58:14 | 000,020,063 | ---- | C] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
    [2013/01/20 15:53:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/01/20 15:53:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/01/20 15:53:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/01/20 15:53:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/01/20 15:53:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/01/11 11:23:31 | 000,239,072 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
    [2013/01/10 11:27:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/09 21:46:26 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2013/01/07 20:48:36 | 000,023,985 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg
    [2012/09/09 16:13:29 | 000,298,062 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1383384898-682003330-1003-0.dat
    [2012/09/02 21:52:07 | 000,173,974 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/06/28 18:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xscan.INI
    [2012/03/25 22:10:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/02/14 22:48:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/03 13:51:10 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/03 13:51:05 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/03 13:51:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/09/26 15:39:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/12 11:36:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/12/04 19:13:08 | 000,006,431 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Cabos.plist
    [2009/11/10 18:29:52 | 000,000,040 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2009/05/24 10:48:40 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 08:36:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\fusioncache.dat
    [2009/05/16 22:28:11 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Johnson\default.pls

    ========== ZeroAccess Check ==========

    [2009/05/15 20:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 04:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/22 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/12/03 12:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiMedia
    [2012/05/25 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
    [2012/01/12 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2009/11/10 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2012/03/15 08:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/12/23 20:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\.minecraft
    [2012/01/21 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Cabos
    [2011/07/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Catalina Marketing Corp
    [2010/11/16 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/26 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\DDMSettings
    [2012/03/06 21:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\FrostWire
    [2010/08/22 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\GARMIN
    [2012/03/26 08:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HotSync
    [2012/11/14 03:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC
    [2012/08/15 10:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/03/15 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\ImgBurn
    [2012/01/21 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\LimeWire
    [2012/02/24 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Motorola
    [2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\MP3Rocket
    [2012/09/12 19:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\OpenOffice.org
    [2012/01/01 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\redsn0w
    [2012/01/12 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Samsung
    [2012/05/09 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Seas0nPass
    [2012/02/13 17:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Sierra Wireless
    [2009/07/23 08:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Smith Micro
    [2010/09/28 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Thunderbird
    [2011/08/31 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Tific
    [2010/10/19 12:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\webex
    [2009/05/15 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Desktop Search
    [2009/05/15 20:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  13. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    All processes killed
    ========== OTL ==========
    Prefs.js: extension21804%40extension21804.com:0.87.11 removed from extensions.enabledAddons
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale\en-US folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\lib folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome folder moved successfully.
    C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com folder moved successfully.
    Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\ not found.
    Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults\ not found.
    Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale\ not found.
    Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin\ not found.
    Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Johnson\Desktop\Laptop Fix\cmd.bat deleted successfully.
    C:\Documents and Settings\Johnson\Desktop\Laptop Fix\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Johnson
    ->Temp folder emptied: 480 bytes
    ->Temporary Internet Files folder emptied: 868754 bytes
    ->Java cache emptied: 1407046 bytes
    ->FireFox cache emptied: 218734787 bytes
    ->Google Chrome cache emptied: 15960662 bytes
    ->Flash cache emptied: 111875 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: TEMP
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16823 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 213538 bytes

    Total Files Cleaned = 226.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01222013_175303

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_178.dat not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...






    C:\Program Files\Coupon Companion Plugin\Uninstall.exe multiple threats cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E67E5936-455A-471C-9190-918380CCD3A9}\RP1386\A0139176.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{E67E5936-455A-471C-9190-918380CCD3A9}\RP1388\A0139436.exe multiple threats cleaned by deleting - quarantined
  14. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    Computer seems to be running a little better. Definitely booting up faster.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's make it run even better!

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.



    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.


    Go to Step 4 and under "System Restore" click on the Create button.


    Go to the Start Repairs tab and click the Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on the box next to Restart System when Finished. Then click on Start.


    Please download SilentRunners
    • Save it to the desktop.
    • Run Silent Runners by clicking on the "Silent Runners" icon on your desktop.
    • You will receive a prompt: Do you want to skip supplementary searches? Click NO.
    • If you receive an error just click OK and click it to run it again.
    • A text file will appear on your desktop - it may take a while to complete its run
    • Once you receive the prompt All Done!, open the text file, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  16. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    "Silent Runners.vbs", revision 68, http://www.silentrunners.org/
    Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [Nero AG]
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    amd_dc_opt = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [AMD]
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics Incorporated]
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe [Ahead Software Gmbh]
    SmAudio = C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c [Conexant]
    QlbCtrl.exe = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [ Hewlett-Packard Development Company, L.P.]
    RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [Cyberlink Corp.]
    HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [MS]
    nwiz = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [NVIDIA Corporation]
    DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]
    APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
    Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
    QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]
    Nike+ Connect = "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [Nike]
    HTC Sync Loader = "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [null data]
    SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
    -> {HKLM…CLSID} = Adobe PDF Link Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

    {326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5 <video>
    -> {HKLM…CLSID} = DivX Plus Web Player HTML5 <video>
    \InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX, LLC]

    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Symantec NCO BHO
    -> {HKLM…CLSID} = Symantec NCO BHO
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

    {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention
    -> {HKLM…CLSID} = Symantec Intrusion Prevention
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [Symantec Corporation]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper
    \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM…CLSID} = Google Toolbar Notifier BHO
    \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [Google Inc.]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    a_MiMediaFiles_MonitoredFolder\(Default) = {C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}
    -> {HKLM…CLSID} = IconOverlay_MonitoredFolder Class
    \InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

    a_MiMediaFiles_SynchronizationPending\(Default) = {FAD5EA38-2D1D-485D-9B07-D35EB72B922E}
    -> {HKLM…CLSID} = IconOverlay_SynchronizationPending Class
    \InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

    a_MiMediaFiles_Synchronized\(Default) = {69DE75F6-60E6-4E55-B416-171941A5C73E}
    -> {HKLM…CLSID} = IconOverlay_Synchronized Class
    \InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

    OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C}
    -> {HKLM…CLSID} = OverlayExcluded Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
    -> {HKLM…CLSID} = OverlayPending Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148}
    -> {HKLM…CLSID} = OverlayProtected Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
    -> {HKLM…CLSID} = HyperTerminal Icon Ext
    \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

    {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

    {97090E2F-3062-4459-855B-014F0D3CDBB1} = Windows Search Deskbar
    -> {HKCU…CLSID} = Windows Search Deskbar
    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]
    -> {HKLM…CLSID} = Windows Search Deskbar
    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]

    {13E7F612-F261-4391-BEA2-39DF4F3FA311} = Windows Desktop Search
    -> {HKLM…CLSID} = Windows Desktop Search
    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\msnlExt.dll [MS]

    {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
    -> {HKLM…CLSID} = Outlook File Icon Extension
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL [MS]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [file not found]

    {e57ce731-33e8-4c51-8354-bb4de9d215d1} = Universal Plug and Play Devices
    -> {HKLM…CLSID} = Universal Plug and Play Devices
    \InProcServer32\(Default) = C:\WINDOWS\system32\upnpui.dll [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
    -> {HKLM…CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
    -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

    {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
    -> {HKLM…CLSID} = DesktopContext Class
    \InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

    {FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
    -> {HKLM…CLSID} = NVIDIA CPL Extension
    \InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

    {1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer
    -> {HKLM…CLSID} = Desktop Explorer
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

    {1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

    {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu
    -> {HKLM…CLSID} = nView Desktop Context Menu
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

    {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
    -> {HKLM…CLSID} = iTunes
    \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {DCB5B297-65AE-46d8-93C9-FA4559783552} = MiMedia Virtual Drive
    -> {HKLM…CLSID} = MiMedia
    \InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [MS]

    {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
    -> {HKLM…CLSID} = NeroDigitalIconHandler Class
    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

    {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
    -> {HKLM…CLSID} = NeroDigitalPropSheetHandler Class
    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

    {3028902F-6374-48b2-8DC6-9725E775B926} = IE Microsoft AutoComplete
    -> {HKLM…CLSID} = IE Microsoft AutoComplete
    \InProcServer32\(Default) = C:\WINDOWS\system32\browseui.dll [MS]

    {8856f961-340a-11d0-a96b-00c04fd705a2} = Microsoft Web Browser
    -> {HKLM…CLSID} = Microsoft Web Browser
    \InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    <<!>> {56F9679E-7826-4C84-81F3-532071A8BCC5} = (no title provided)
    -> {HKLM…CLSID} = Windows Desktop Search Namespace Manager
    \InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [MS]

    <<!>> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = (no title provided)
    -> {HKLM…CLSID} = SABShellExecuteHook Class
    \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [SuperAdBlocker.com]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> !SASWinLogon\DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [SUPERAntiSpyware.com]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> cdo\CLSID = {CD00020A-8B95-11D1-82DB-00C04FB1625D}
    -> {HKLM…CLSID} = Microsoft PKM KnowledgePluggable Class
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [MS]

    <<!>> mso-offdap\CLSID = {3D9F03FA-7A94-11D3-BE81-0050048385D1}
    -> {HKLM…CLSID} = Data Page Pluggable Protocol mso-offdap Handler
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
    -> {HKLM…CLSID} = BUContextMenu Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    -> {HKLM…CLSID} = IEContextMenu Class
    \InProcServer32\(Default) = "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\NavShExt.dll" [Symantec Corporation]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
    -> {HKLM…CLSID} = SASContextMenu Class
    \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
    -> {HKLM…CLSID} = NBShellHook Class
    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    -> {HKLM…CLSID} = NBShellHook Class
    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

    BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C}
    -> {HKLM…CLSID} = BuPropertySheet Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    -> {HKLM…CLSID} = MBAMShlExt Class
    \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

    {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
    -> {HKLM…CLSID} = SASContextMenu Class
    \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    -> {HKLM…CLSID} = nView Desktop Context Menu
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

    NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
    -> {HKLM…CLSID} = DesktopContext Class
    \InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
    -> {HKLM…CLSID} = NeroDigitalColumnHandler Class
    \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
    -> {HKLM…CLSID} = PDF Shell Extension
    \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
    -> {HKLM…CLSID} = BUContextMenu Class
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    -> {HKLM…CLSID} = MBAMShlExt Class
    \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    -> {HKLM…CLSID} = IEContextMenu Class
    \InProcServer32\(Default) = "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\NavShExt.dll" [Symantec Corporation]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
    -> {HKLM…CLSID} = NBShellHook Class
    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    -> {HKLM…CLSID} = NBShellHook Class
    \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    SCRNSAVE.EXE = C:\WINDOWS\system32\ss3dfo.scr [MS]


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    HPUnloadAutoplay\
    Provider = HP Image Zone
    InvokeProgID = HpqUnApl.Autoplay
    InvokeVerb = Play
    HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}
    -> {HKLM…CLSID} = (no title provided)
    \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [file not found]

    ImgBurnBDBurningOnArrival_BuildImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleBDBurningOnArrival_BuildImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [null data]

    ImgBurnBDBurningOnArrival_BurnImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleBDBurningOnArrival_BurnImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

    ImgBurnCDBurningOnArrival_BuildImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleCDBurningOnArrival_BuildImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

    ImgBurnCDBurningOnArrival_BurnImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleCDBurningOnArrival_BurnImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

    ImgBurnDVDBurningOnArrival_BuildImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleDVDBurningOnArrival_BuildImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

    ImgBurnDVDBurningOnArrival_BurnImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleDVDBurningOnArrival_BurnImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

    ImgBurnHDDVDBurningOnArrival_BuildImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleHDDVDBurningOnArrival_BuildImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

    ImgBurnHDDVDBurningOnArrival_BurnImage\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = HandleHDDVDBurningOnArrival_BurnImage
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

    ImgBurnPlayBluRayOnArrival_ReadDisc\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = PlayBluRayOnArrival_ReadDisc
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

    ImgBurnPlayCDAudioOnArrival_ReadDisc\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = PlayCDAudioOnArrival_ReadDisc
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

    ImgBurnPlayDVDMovieOnArrival_ReadDisc\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = PlayDVDMovieOnArrival_ReadDisc
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

    ImgBurnPlayHDDVDOnArrival_ReadDisc\
    Provider = ImgBurn
    InvokeProgID = ImgBurn.AutoPlay.1
    InvokeVerb = PlayHDDVDOnArrival_ReadDisc
    HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

    iTunesBurnCDOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.BurnCD
    InvokeVerb = burn
    HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [null data]

    iTunesImportSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ImportSongsOnCD
    InvokeVerb = import
    HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

    iTunesPlaySongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.PlaySongsOnCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

    iTunesShowSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ShowSongsOnCD
    InvokeVerb = showsongs
    HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

    MSWPDShellNamespaceHandler\
    Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine =
    -> {HKLM…CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

    NeroAutoPlay7CDAudio\
    Provider = Nero SoundTrax
    InvokeProgID = Nero.AutoPlay3
    InvokeVerb = HandleCDBurningOnArrival_CDAudio
    HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe / [Nero AG]

    NeroAutoPlay7CopyCD\
    Provider = Nero Burning ROM
    InvokeProgID = Nero.AutoPlay3
    InvokeVerb = PlayMusicFilesOnArrival_CopyCD
    HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\PlayMusicFilesOnArrival_CopyCD\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy /Drive:%L [Nero AG]

    NeroAutoPlay7PlayAudioCD\
    Provider = Nero ShowTime
    InvokeProgID = Nero.AutoPlay3
    InvokeVerb = PlayCDAudioOnArrival_PlayAudioCD
    HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\PlayCDAudioOnArrival_PlayAudioCD\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L [null data]

    PDVDPlayDVDMovieOnArrival\
    Provider = PowerDVD
    InvokeProgID = DVD
    InvokeVerb = PlayWithPowerDVD
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.]


    DESKTOP.INI DLL launch in local fixed drive directories:
    --------------------------------------------------------

    C:\Documents and Settings\Default User\Local Settings\History\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

    C:\Documents and Settings\Default User\Local Settings\History\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
    -> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

    C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Feeds Cache\NK7IREVC\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\DESKTOP.INI
    [.ShellClassInfo]
    UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
    -> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]


    Startup items in "Johnson" & "All Users" startup folders:
    ---------------------------------------------------------

    C:\Documents and Settings\Johnson\Start Menu\Programs\Startup {++}
    PdaNet Desktop -> shortcut to: C:\Program Files\PdaNet for Android\PdaNetPC.exe [null data]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup {++}
    Microsoft Office -> shortcut to: C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l [MS]
    MiMedia -> shortcut to: C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe C:\Program Files\MiMedia LLC\MiMedia\MiMedia-logo2.ico [null data]
    Secunia PSI Tray -> shortcut to: C:\Program Files\Secunia\PSI\psi_tray.exe [Secunia]
    Windows Search -> shortcut to: C:\Program Files\Windows Desktop Search\WindowsSearch.exe /startup [MS]


    Enabled Scheduled Tasks: {++}
    ------------------------

    Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
    Google Software Updater -> launches: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start [Google]
    GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core -> launches: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA -> launches: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    MotoHelper MUM -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -MUM [null data]
    MotoHelper Routing -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -r [null data]
    MotoHelper Update -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -d -silent [null data]
    PC Checkup 3 Weekly Scan -> launches: C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe -hide -mode=scheduled [Symantec Corporation]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 22 - 23


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    -> {HKLM…CLSID} = Norton Toolbar
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    -> {HKLM…CLSID} = Norton Toolbar
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
    -> {HKLM…CLSID} = Norton Toolbar
    \InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\
    {6ED0A312-78F5-493C-A90C-5DAF321D0BF8}\
    MenuText = We-Care Add-on
    CLSIDExtension = {6ED0A312-78F5-493C-A90C-5DAF321D0BF8}
    -> {HKLM…CLSID} = EDReminder Class
    \InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll [file not found]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    MenuText = @xpsp3res.dll,-20001
    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    ButtonText = Messenger
    MenuText = Windows Messenger
    Exec = C:\Program Files\Messenger\msmsgs.exe [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
    <<H>> NavigationFailure = res://shdoclc.dll/navcancl.htm [MS]
    <<H>> DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm [MS]
    <<H>> NavigationCanceled = res://shdoclc.dll/navcancl.htm [MS]
    <<H>> OfflineInformation = res://shdoclc.dll/offcancl.htm [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
    Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [null data]
    Common Client Job Manager Service, PCCUJobMgr, "C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll" /prefetch:1 [Symantec Corporation]
    hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" [Hewlett-Packard Development Company, L.P.]
    Internet Pass-Through Service, PassThru Service, C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [null data]
    iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
    Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
    MotoHelper Service, MotoHelper, C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [null data]
    Norton PC Checkup Application Launcher, Norton PC Checkup Application Launcher, C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe /s [Symantec Corporation]
    Norton Security Suite, N360, "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [Symantec Corporation]
    NVIDIA Display Driver Service, nvsvc, C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
    Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\system32\HPZipm12.exe [HP]
    Secunia PSI Agent, Secunia PSI Agent, "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [null data]
    Secunia Update Agent, Secunia Update Agent, "C:\Program Files\Secunia\PSI\sua.exe" --start-service [Secunia]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup {C:\WINDOWS\System32\WUDFSvc.dll [MS]}
    Windows Media Player Network Sharing Service, WMPNetworkSvc, "C:\Program Files\Windows Media Player\WMPNetwk.exe" [MS]
    Windows Search, WSearch, C:\WINDOWS\system32\SearchIndexer.exe /Embedding [MS]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (title not found)


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Speed up startup and speed with StartUpLite: http://www.malwarebytes.org/products/startuplite/

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  18. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware Free Edition
    Secunia PSI (3.0.0.0004)
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner (remove only)
    Java(TM) 6 Update 31
    Java 7 Update 6
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 9 Adobe Reader out of Date!
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.1)
    Mozilla Thunderbird (17.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
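
The Security Check log and the update advice above, turned into a check: this added example (not part of the original posts and not Security Check's own code) parses the log and reports product families that are installed side by side or flagged out of date. The log layout is inferred from the single log in this thread, and all function names are hypothetical.

```python
import re

# Product families this thread discusses; other log entries are ignored.
FAMILIES = ("Java", "Adobe Reader", "Adobe Flash Player")
UTILITIES_SECTION = "Anti-malware/Other Utilities Check"

# Section titles are framed by runs of backticks; a trailing colon is optional.
SECTION_RE = re.compile(r"^`{3,}\s*(?P<title>.*?)\s*:?`{3,}$")
FLAG_RE = re.compile(r"\s*out of date!\s*$", re.IGNORECASE)


def _frame(title, width=14):
    """Rebuild a section header line; the number of ticks is not significant."""
    return "`" * width + title + "`" * width


# Lines copied from the Security Check log posted in this thread
# (header tick counts normalised by _frame).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.57",
    "Windows XP Service Pack 3 x86",
    "Internet Explorer 8",
    _frame("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    _frame("Anti-malware/Other Utilities Check:"),
    "SUPERAntiSpyware Free Edition",
    "CCleaner (remove only)",
    "Java(TM) 6 Update 31",
    "Java 7 Update 6",
    "Java version out of Date!",
    "Adobe Flash Player 11.5.502.146",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Adobe Reader 10.1.5 Adobe Reader out of Date!",
    "Mozilla Firefox (18.0.1)",
    _frame("System Health check"),
    "Total Fragmentation on Drive C:: 4%",
    _frame("End of Log"),
])


def split_flag(line):
    """Split a line into (entry, flagged_family).

    The flag appears either on its own line ("Java version out of Date!")
    or appended to an entry ("Adobe Reader 9 Adobe Reader out of Date!").
    """
    match = FLAG_RE.search(line)
    if match is None:
        return line.strip(), None
    head = re.sub(r"\s+version$", "", line[:match.start()].strip())
    for family in FAMILIES:
        if head.endswith(family):
            return head[:-len(family)].strip(), family
    return head, None  # flag belongs to a product we do not track


def family_of(entry):
    """Return the tracked family an entry belongs to, or None."""
    for family in FAMILIES:
        if re.match(re.escape(family) + r"\b", entry):
            return family
    return None


def audit(log_text):
    """Collect installed versions and out-of-date flags per family."""
    report = {f: {"versions": [], "out_of_date": False} for f in FAMILIES}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        if section != UTILITIES_SECTION or not line:
            continue
        entry, flagged = split_flag(line)
        if flagged:
            report[flagged]["out_of_date"] = True
        family = family_of(entry)
        if family:
            version = entry[len(family):].replace("(TM)", "").strip()
            report[family]["versions"].append(version)
    return report


def cleanup_candidates(report):
    """List families that need old versions removed or an update installed."""
    findings = []
    for family, info in report.items():
        if len(info["versions"]) > 1:
            findings.append((family, "side-by-side", info["versions"]))
        elif info["out_of_date"]:
            findings.append((family, "out-of-date", info["versions"]))
    return findings


if __name__ == "__main__":
    for family, reason, versions in cleanup_candidates(audit(SAMPLE_LOG)):
        print(f"{family}: {reason} -> {', '.join(versions)}")
```
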
  20. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    I think all is good. Thanks for all your help.
  21. mikeyj67

    mikeyj67 Newcomer, in training Topic Starter Posts: 39

    Check your PayPal to make sure your donation arrived. What was my computer actually infected with? In your opinion what is the best antivirus program out there these days?

    Thanks Again
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Got it! Thanks a lot! :D

    As for what you were infected with... quite a bit of adware, and a browser hijacking trojan. We removed all of it, thank goodness.

    I'd say there is no "best" antivirus program, but if you go with something free, choose avast! Free edition or Avira Free.

    Feel free to get a good review of antivirus software here, especially if you choose something paid: http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/

