TechSpot

Please help me remove Win32/heur virus

Solved
By laemon
Oct 6, 2011
  1. Hi, I followed the 6-step virus/malware preliminary removal instruction. Hope you can shed light as to the current status of my computer.

    AVG always detects two infected files apparently on my Norton360 folder, cmcsshost.exe (or something like that). I also have Norton360 installed, and it's paid for 1 year. I don't understand why AVG can detect the virus while Norton can't. Should I ask for a refund?

    Reading the logs, it says the infection has been removed. But I'm not very sure. :|



    Here are my logs:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7890

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    10/6/2011 6:01:35 PM
    mbam-log-2011-10-06 (18-01-35).txt

    Scan type: Quick scan
    Objects scanned: 183861
    Time elapsed: 9 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 19
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger (Backdoor.Bot) -> Value: Yahoo Messengger -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-06 18:27:55
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OC60F
    Running: ge2ktvfz.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Acer at 18:45:45 on 2011-10-06
    Microsoft® Windows Vista™ Starter 6.0.6002.2.1252.1.1033.18.1977.344 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uStart Page = hxxp://ca.yahoo.com/
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\users\acer\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [CTZDetec.exe] c:\program files\creative\creative media lite\CTZDetec.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\acer\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
    uPolicies-explorer: NoDFSTab = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoDFSTab = 1 (0x1)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll/206
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{09CF96AE-2513-42C1-99BB-F0C86108DC2E} : DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{88013527-C727-4DF8-A109-5F121D22A3EF} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\vxa7qs5x.default\
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\coffplgn_2011_7_2_3\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\vxa7qs5x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\vxa7qs5x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\programdata\realarcade\npraclient.dll
    FF - plugin: c:\users\acer\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\users\acer\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\acer\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\acer\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\coFFPlgn_2011_7_2_3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-9-14 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-9-14 744568]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-29 816760]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\ipsdefs\20111005.031\IDSvix86.sys [2011-10-5 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-9-14 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-9-14 331384]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-6 366152]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-9-14 130008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-14 105592]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-11-13 57344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-6 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-10-07 00:49:55 -------- d-----w- c:\users\acer\appdata\roaming\Malwarebytes
    2011-10-07 00:49:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-07 00:49:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-07 00:49:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-05 04:54:09 -------- d-----w- c:\users\acer\appdata\local\NPE
    2011-09-23 20:30:55 -------- d-----w- c:\users\acer\appdata\roaming\MAGIX
    2011-09-23 20:26:34 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-09-23 20:25:09 -------- d-----w- c:\programdata\MAGIX
    2011-09-23 20:22:54 -------- d-----w- c:\program files\MAGIX
    2011-09-23 20:22:53 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2011-09-23 20:20:08 -------- d-----w- c:\program files\common files\MAGIX Services
    2011-09-21 04:17:28 -------- d-----w- c:\users\acer\appdata\local\CrashDumps
    2011-09-15 01:54:55 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-15 01:54:51 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-09-15 01:54:50 -------- d-----w- c:\program files\Symantec
    2011-09-15 01:54:50 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-09-15 01:54:17 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
    2011-09-15 01:54:16 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
    2011-09-15 01:54:16 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
    2011-09-15 01:54:16 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
    2011-09-15 01:54:16 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
    2011-09-15 01:54:15 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
    2011-09-15 01:54:15 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
    2011-09-15 01:52:35 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
    2011-09-15 01:51:57 -------- d-----w- c:\windows\system32\drivers\N360
    2011-09-15 01:51:54 -------- d-----w- c:\program files\Norton 360
    2011-09-15 00:41:46 -------- d-----w- c:\programdata\Norton
    2011-09-15 00:17:44 -------- d-----w- c:\programdata\NortonInstaller
    2011-09-15 00:17:44 -------- d-----w- c:\program files\NortonInstaller
    2011-09-15 00:16:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-14 15:20:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ============= FINISH: 18:48:35.97 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/14/2009 7:40:51 PM
    System Uptime: 10/6/2011 6:22:24 PM (0 hours ago)
    .
    Motherboard: Acer | | Aspire 4736Z
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | uPGA-478 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 124.778 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acer Crystal Eye Webcam
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Wireless LAN Client Adapter
    Audacity 1.2.6
    AVG 2011
    AviSynth 2.5
    BitComet 1.22
    Bonjour
    BufferChm
    Canon DIGITAL CAMERA Solution Disk Software Guide
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow Launcher
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Coupon Printer for Windows
    Creative Media Lite
    Creative ZEN Stone Plus User's Guide
    D3DX10
    DJ_AIO_05_F4400_Software_Min
    F4400
    Facebook Plug-In
    Firebird SQL Server - MAGIX Edition
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
    HP Photo Creations
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    JMicron Flash Media Controller Driver
    Launch Manager
    LimeWire 5.5.8
    MAGIX Music Maker 16 Premium Download Version
    MAGIX Screenshare
    MAGIX Speed burnR
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Monopoly Here & Now Edition
    Mozilla Firefox (3.6.20)
    MpcStar 5.1
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    NVIDIA Drivers
    QuickTime
    RealArcade
    Realtek High Definition Audio Driver
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Sony Picture Utility
    STATGRAPHICS Centurion XVI.I
    STATGRAPHICS Centurion XVI.I English Supplemental
    Synaptics Pointing Device Driver
    Synthesia (remove only)
    Text-To-Speech-Runtime
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Videora iPod Converter 5.04
    Videora iPod touch Converter 6
    VLC media player 1.1.5
    VoiceOver Kit
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    YouTube Downloader 2.6.2
    YouTube Downloader App 2.03
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/6/2011 8:39:01 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    10/6/2011 8:33:46 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 0017C49DC358 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    10/6/2011 6:47:59 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.68. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
    10/6/2011 6:23:24 PM, Error: EventLog [6008] - The previous system shutdown at 6:21:50 PM on 10/6/2011 was unexpected.
    10/4/2011 12:27:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    10/3/2011 9:08:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    10/3/2011 7:59:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    10/2/2011 7:50:54 AM, Error: EventLog [6008] - The previous system shutdown at 7:48:35 AM on 10/2/2011 was unexpected.
    10/2/2011 7:43:21 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    First of all you can't be running two AV programs.
    One of them has to go.
    If AVG, use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
    If Norton, use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    When done...
    "Something" won't do.
    I need to know exact file name and its location.
    It may be false positive.
     
  3. laemon

    laemon TS Rookie Topic Starter

    Hi Broni

    Thanks for replying immediately. I've already uninstalled Norton360.

    (I also visited my computer's Security Center to update Windows Defender when I saw that Windows Firewall is down and I couldn't turn it on. This'll probably be a different thread.)

    Anyway, sorry for the "something", I wasn't able to take note of the .exe file because it comes up at random moments. Even if I scan the whole PC using AVG, it doesn't show.
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. laemon

    laemon TS Rookie Topic Starter

    Hi Broni

    False alarm, I saw progress... I thought the program got stuck because it hasn't been moving for a long time, but I guess it takes a while to finish. Anyway, here is my log. I will do ComboFix tomorrow. :) Does "installing" FixIt by Microsoft count as installing a program? Sorry, I think I ran it yesterday in hopes of putting my firewall up. (It's still turned off) *yikes*

    Run date: 2011-10-07 21:39:57
    -----------------------------
    21:39:57.796 OS Version: Windows 6.0.6002 Service Pack 2
    21:39:57.797 Number of processors: 2 586 0x170A
    21:39:57.798 ComputerName: ACER-PC UserName: Acer
    21:40:00.433 Initialize success
    21:40:11.828 AVAST engine defs: 11100701
    21:40:15.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:40:15.628 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 3
    21:40:17.710 Disk 0 MBR read successfully
    21:40:17.725 Disk 0 MBR scan
    21:40:17.734 Disk 0 Windows VISTA default MBR code
    21:40:17.774 Disk 0 scanning sectors +488394752
    21:40:17.935 Disk 0 scanning C:\Windows\system32\drivers
    21:40:43.221 Service scanning
    21:40:44.645 Modules scanning
    21:41:04.973 Disk 0 trace - called modules:
    21:41:05.013 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
    21:41:05.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dd6258]
    21:41:05.027 3 CLASSPNP.SYS[87d9d8b3] -> nt!IofCallDriver -> [0x84badc10]
    21:41:05.036 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84bad030]
    21:41:06.711 AVAST engine scan C:\Windows
    21:41:18.708 AVAST engine scan C:\Windows\system32
    21:44:04.302 AVAST engine scan C:\Windows\system32\drivers
    21:44:20.905 AVAST engine scan C:\Users\Acer
    22:58:32.855 AVAST engine scan C:\ProgramData
    23:14:05.845 Scan finished successfully
    23:15:41.797 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Documents\MBR.dat"
    23:15:41.835 The log file has been saved successfully to "C:\Users\Acer\Documents\aswMBR.txt"
     
  6. laemon

    laemon TS Rookie Topic Starter

    ComboFix Log

    ComboFix 11-10-08.05 - Acer 10/08/2011 21:09:20.1.2 - x86
    Microsoft® Windows Vista™ Starter 6.0.6002.2.1252.1.1033.18.1977.1052 [GMT -7:00]
    Running from: c:\users\Acer\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Acer\videos\MicrosoftFixit.wu.Run.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-09 04:18 . 2011-10-09 04:18 -------- d-----w- c:\users\Acer\AppData\Local\temp
    2011-10-07 06:27 . 2011-09-21 16:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5677B5C9-1400-4F81-BEDC-93E203BC7F9A}\mpengine.dll
    2011-10-07 05:21 . 2011-10-07 05:21 -------- d-----w- c:\users\Acer\AppData\Local\ElevatedDiagnostics
    2011-10-07 00:49 . 2011-10-07 00:49 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
    2011-10-07 00:49 . 2011-10-07 00:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-07 00:49 . 2011-10-07 00:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-07 00:49 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-05 04:54 . 2011-10-05 04:58 -------- d-----w- c:\users\Acer\AppData\Local\NPE
    2011-09-23 20:30 . 2011-09-23 20:30 -------- d-----w- c:\users\Acer\AppData\Roaming\MAGIX
    2011-09-23 20:26 . 2003-04-18 23:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-09-23 20:25 . 2011-09-23 20:28 -------- d-----w- c:\programdata\MAGIX
    2011-09-23 20:22 . 2011-09-23 20:28 -------- d-----w- c:\program files\MAGIX
    2011-09-23 20:22 . 2007-04-27 17:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2011-09-23 20:20 . 2011-09-23 20:29 -------- d-----w- c:\program files\Common Files\MAGIX Services
    2011-09-21 04:17 . 2011-10-08 05:13 -------- d-----w- c:\users\Acer\AppData\Local\CrashDumps
    2011-09-15 01:54 . 2010-08-21 03:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-15 01:51 . 2011-09-15 01:56 -------- d-----w- c:\windows\system32\drivers\N360
    2011-09-15 00:41 . 2011-10-05 04:54 -------- d-----w- c:\programdata\Norton
    2011-09-15 00:16 . 2011-09-15 00:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-14 15:20 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-22 02:54 . 2011-08-11 06:06 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-11 06:06 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-11 06:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-11 13:25 . 2011-08-24 13:51 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-15 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-26 385024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDFSTab"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDFSTab"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-11-13 57344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 16:49]
    .
    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 16:49]
    .
    2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148459824-1686059337-531940451-1000Core.job
    - c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 10:22]
    .
    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4148459824-1686059337-531940451-1000UA.job
    - c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 10:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ca.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\vxa7qs5x.default\
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    AddRemove-RealArcade - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-08 21:18
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CTZDetec.exe = c:\program files\Creative\Creative Media Lite\CTZDetec.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-10-08 21:21:42
    ComboFix-quarantined-files.txt 2011-10-09 04:21
    .
    Pre-Run: 126,868,668,416 bytes free
    Post-Run: 127,927,590,912 bytes free
    .
    - - End Of File - - 4A0DAD6D87915318CD386F94918744F8






    P.S. My Firewall turned ON! Yayyy!
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. laemon

    laemon TS Rookie Topic Starter

    OTL

    Oh no, it's too long. :| I'm posting OTL.txt in two posts. Hope that's okay.

    ---



    OTL logfile created on: 10/9/2011 12:12:28 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Acer\Desktop
    Windows Vista Starter Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 58.23% Memory free
    4.10 Gb Paging File | 2.74 Gb Available in Paging File | 66.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 118.95 Gb Free Space | 51.08% Space Free | Partition Type: NTFS

    Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/09 12:01:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
    PRC - [2011/10/09 08:23:13 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/22 11:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/11 21:21:14 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/25 23:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2007/12/17 23:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    PRC - [2007/11/27 18:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/11/10 00:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2008/07/29 04:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/25 23:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - [2008/01/20 19:26:36 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/06/03 21:30:46 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/06/03 21:30:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/11/13 10:46:54 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
    DRV - [2009/09/29 15:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/06/14 23:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2009/01/20 01:36:34 | 001,205,312 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/10/09 00:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 86 A1 AA E1 67 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.0.1
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3
    FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=panda&type=panda1_0yatb&p="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Acer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Acer\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 09:31:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 15:14:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 07:41:26 | 000,000,000 | ---D | M]

    [2010/02/12 05:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
    [2009/09/08 01:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/10/03 10:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions
    [2010/02/12 05:56:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/17 13:52:42 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/08/17 13:52:52 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/08/17 13:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2011/07/15 11:21:02 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\foxyproxy@eric.h.jung
    [2011/07/29 16:37:03 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\vxa7qs5x.default\extensions\personas@christopher.beard
    [2010/02/15 01:28:10 | 000,009,977 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\vxa7qs5x.default\searchplugins\mywebsearch.xml
    [2011/09/25 19:42:09 | 000,002,469 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\vxa7qs5x.default\searchplugins\safesearch.xml
    [2011/06/30 21:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/22 09:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/18 11:50:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/05 11:04:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/01 14:39:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/15 21:09:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/30 21:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/09/14 09:31:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_2_3
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
    [2010/02/21 03:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
    [2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Acer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Acer\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Proxy Switchy! = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
    CHR - Extension: AT_ToryBurch = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmegkjpmindaciljlcghnbgceakbnfa\2_0\
    CHR - Extension: AVG Safe Search = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

    O1 HOSTS File: ([2011/10/08 21:18:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09CF96AE-2513-42C1-99BB-F0C86108DC2E}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88013527-C727-4DF8-A109-5F121D22A3EF}: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Acer\Downloads\b0034105_4e4fe08fc6b04.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Acer\Downloads\b0034105_4e4fe08fc6b04.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/09 12:01:21 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
    [2011/10/08 21:21:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/08 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\temp
    [2011/10/08 21:18:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/10/08 21:06:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/08 21:06:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/08 21:06:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/08 21:06:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/08 21:06:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/10/08 21:06:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/08 21:02:33 | 004,250,142 | R--- | C] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
    [2011/10/07 21:02:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
    [2011/10/06 22:21:31 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\ElevatedDiagnostics
    [2011/10/06 18:44:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Acer\Desktop\dds.scr
    [2011/10/06 17:49:55 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
    [2011/10/06 17:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/06 17:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/06 17:49:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/10/06 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/06 17:46:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/05 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\Blank
    [2011/10/04 21:54:09 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\NPE
    [2011/09/23 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\MAGIX downloads
    [2011/09/23 13:30:55 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\MAGIX
    [2011/09/23 13:28:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\MAGIX_Screenshare
    [2011/09/23 13:27:29 | 000,917,504 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
    [2011/09/23 13:27:29 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
    [2011/09/23 13:27:29 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
    [2011/09/23 13:27:29 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
    [2011/09/23 13:27:29 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
    [2011/09/23 13:27:29 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
    [2011/09/23 13:27:29 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
    [2011/09/23 13:27:29 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
    [2011/09/23 13:27:29 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
    [2011/09/23 13:27:29 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll
    [2011/09/23 13:27:29 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll
    [2011/09/23 13:27:29 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
    [2011/09/23 13:27:29 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
    [2011/09/23 13:27:29 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
    [2011/09/23 13:27:29 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
    [2011/09/23 13:27:29 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
    [2011/09/23 13:27:29 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
    [2011/09/23 13:27:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll
    [2011/09/23 13:27:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll
    [2011/09/23 13:27:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll
    [2011/09/23 13:27:29 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll
    [2011/09/23 13:27:29 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll
    [2011/09/23 13:27:29 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll
    [2011/09/23 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\MAGIX_Speed2_burnR_mxcdr
    [2011/09/23 13:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
    [2011/09/23 13:25:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\MAGIX_MusicMaker16Premium_Download_Version
    [2011/09/23 13:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
    [2011/09/23 13:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
    [2011/09/23 13:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
    [2011/09/23 12:34:48 | 175,790,360 | ---- | C] (MAGIX AG) -- C:\Users\Acer\Desktop\trial_muma16prem_uk.exe
    [2011/09/20 21:17:28 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\CrashDumps
    [2011/09/14 19:37:35 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\Symantec
    [2011/09/14 18:52:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
    [2011/09/14 18:51:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
    [2011/09/14 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/09/14 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/10/09 12:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4148459824-1686059337-531940451-1000UA.job
    [2011/10/09 12:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/09 12:01:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
    [2011/10/09 10:22:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/09 10:22:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/09 08:22:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/09 08:22:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/08 23:05:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/10/08 21:18:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/10/08 21:03:05 | 004,250,142 | R--- | M] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
    [2011/10/08 15:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4148459824-1686059337-531940451-1000Core.job
    [2011/10/07 23:15:41 | 000,000,512 | ---- | M] () -- C:\Users\Acer\Documents\MBR.dat
    [2011/10/07 21:03:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
    [2011/10/07 18:57:33 | 000,327,606 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/10/07 08:50:51 | 134,352,362 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/10/06 18:45:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Acer\Desktop\dds.scr
    [2011/10/06 18:23:00 | 296,662,925 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/10/06 18:11:00 | 000,302,592 | ---- | M] () -- C:\Users\Acer\Desktop\ge2ktvfz.exe
    [2011/10/06 17:49:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/06 17:47:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/06 17:39:42 | 000,000,109 | ---- | M] () -- C:\Users\Acer\webct_upload_applet.properties
    [2011/10/05 19:49:39 | 000,606,340 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/05 19:49:39 | 000,104,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/09/28 19:17:25 | 000,000,778 | ---- | M] () -- C:\Users\Acer\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/09/24 08:17:44 | 000,000,258 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (2).lnk
    [2011/09/24 08:06:19 | 000,401,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/09/23 16:44:36 | 000,002,744 | ---- | M] () -- C:\{DFB851DC-5F7A-4E59-962C-A0AFFAB86A38}
    [2011/09/23 13:26:17 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 16 Premium Download Version.lnk
    [2011/09/23 12:54:00 | 175,790,360 | ---- | M] (MAGIX AG) -- C:\Users\Acer\Desktop\trial_muma16prem_uk.exe
    [2011/09/15 08:07:12 | 002,051,278 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB

    ========== Files Created - No Company Name ==========

    [2011/10/08 21:06:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/08 21:06:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/08 21:06:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/08 21:06:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/08 21:06:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/07 23:15:41 | 000,000,512 | ---- | C] () -- C:\Users\Acer\Documents\MBR.dat
    [2011/10/06 18:23:00 | 296,662,925 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/10/06 18:10:45 | 000,302,592 | ---- | C] () -- C:\Users\Acer\Desktop\ge2ktvfz.exe
    [2011/10/06 17:49:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/28 19:17:24 | 000,000,778 | ---- | C] () -- C:\Users\Acer\Desktop\PlantsVsZombies - Shortcut.lnk
    [2011/09/24 08:17:44 | 000,000,258 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (2).lnk
    [2011/09/23 16:44:36 | 000,002,744 | ---- | C] () -- C:\{DFB851DC-5F7A-4E59-962C-A0AFFAB86A38}
    [2011/09/23 13:27:29 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib
    [2011/09/23 13:26:16 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 16 Premium Download Version.lnk
    [2011/09/23 13:22:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2011/09/14 18:55:03 | 002,051,278 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
    [2011/03/18 13:54:58 | 002,529,622 | ---- | C] () -- C:\Users\Acer\AppData\Local\[j0002]-[p04].bmp
    [2011/03/05 19:33:13 | 000,171,900 | ---- | C] () -- C:\Windows\hpoins37.dat.temp
    [2011/03/05 19:33:09 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
    [2011/03/05 19:03:30 | 000,171,308 | ---- | C] () -- C:\Windows\hpoins37.dat
    [2011/01/13 00:32:11 | 000,207,331 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
    [2011/01/07 01:16:31 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
    [2011/01/01 10:43:08 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/01/01 10:43:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/08/04 14:29:22 | 000,855,641 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\PandaIDProtectHelp.chm
    [2010/07/28 21:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/07/28 21:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/07/28 21:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/07/28 20:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/06/15 20:31:11 | 000,004,096 | -H-- | C] () -- C:\Users\Acer\AppData\Local\keyfile3.drm
    [2010/04/21 19:12:41 | 000,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
    [2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
    [2009/11/26 07:32:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/17 03:34:22 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
    [2009/08/25 07:12:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/25 07:12:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/24 07:34:43 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3(79).dat
    [2009/08/24 07:34:43 | 000,604,140 | ---- | C] () -- C:\Windows\System32\drivers\ISwift3(54).dat
    [2009/08/18 23:58:08 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009/08/18 17:43:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/14 07:03:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2009/08/14 05:16:53 | 000,026,112 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/14 05:10:55 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2009/08/14 05:10:55 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2009/08/14 05:10:55 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
    [2009/08/14 05:10:55 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/08/14 05:01:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
    [2009/08/14 05:01:19 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2009/08/14 04:47:39 | 000,090,772 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
    [2009/08/14 04:47:39 | 000,000,536 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
    [2009/08/14 04:47:39 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/08/14 04:43:10 | 000,001,356 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
    [2006/11/02 05:59:06 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:45:36 | 000,401,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 03:33:01 | 000,606,340 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,104,680 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2010/10/13 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
    [2011/10/06 23:40:28 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BitComet
    [2010/09/19 09:42:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\CometPlayer
    [2010/02/27 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Facebook
    [2010/05/08 15:39:54 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GameHouse
    [2010/10/17 09:33:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\InstantAction
    [2009/12/06 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\iWin
    [2011/02/05 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\LimeWire
    [2011/09/23 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\MAGIX
    [2009/09/17 02:34:31 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\NCH Swift Sound
    [2010/02/04 20:17:31 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ooVoo Details
    [2009/10/10 06:52:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Opera
    [2010/05/23 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Panda Security
    [2010/05/08 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PlayFirst
    [2010/06/26 11:23:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SurfSecret Privacy Suite
    [2011/07/20 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Synthesia
    [2010/10/16 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TigerPlayer
    [2011/10/08 23:05:25 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  9. laemon

    laemon TS Rookie Topic Starter

    OTL part 2

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/10/08 21:21:42 | 000,015,138 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/10/09 08:22:42 | 2387,836,928 | -HS- | M] () -- C:\pagefile.sys
    [2011/09/23 16:44:36 | 000,002,744 | ---- | M] () -- C:\{DFB851DC-5F7A-4E59-962C-A0AFFAB86A38}

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:33:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:33:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:33:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/25 07:21:59 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/10/06 16:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp083.dll
    [2009/04/16 15:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
    [2006/10/26 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 19:46:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:18:37 | 015,384,576 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:18:26 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:18:37 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/24 08:17:44 | 000,000,351 | -HS- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/07 21:03:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
    [2011/10/08 21:03:05 | 004,250,142 | R--- | M] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
    [2011/10/06 18:11:00 | 000,302,592 | ---- | M] () -- C:\Users\Acer\Desktop\ge2ktvfz.exe
    [2011/10/06 17:47:36 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Acer\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/09 12:01:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
    [2011/09/23 12:54:00 | 175,790,360 | ---- | M] (MAGIX AG) -- C:\Users\Acer\Desktop\trial_muma16prem_uk.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/08 05:38:20 | 000,000,402 | -HS- | M] () -- C:\Users\Acer\Favorites\desktop.ini
    [2011/05/13 23:02:59 | 001,288,680 | ---- | M] () -- C:\Users\Acer\Favorites\Girl's Generation_RunDevilRun.jpg

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/05 21:35:30 | 000,028,997 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Acer Crystal Eye webcam.EXE

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  10. laemon

    laemon TS Rookie Topic Starter

    Extras

    OTL Extras logfile created on: 10/9/2011 12:12:28 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Acer\Desktop
    Windows Vista Starter Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 58.23% Memory free
    4.10 Gb Paging File | 2.74 Gb Available in Paging File | 66.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 118.95 Gb Free Space | 51.08% Space Free | Partition Type: NTFS

    Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04308DC6-2534-4BE0-9853-21F8F254D3A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{0C18DACE-CF19-4751-BDC2-8E2908813451}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0C4253A0-723D-4083-BF72-83A6915916CD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{0CA13D8C-13F5-453F-B79D-5A0756B626E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0FB3B6B7-83B3-4030-B259-6EDD2E322609}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1058A7C6-354B-4B0F-8FA5-D3CDE323C5A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1099934B-02D3-4516-BF04-60F987A4E5B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{202112D9-286E-410C-844D-B1A1AC59049C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{221AFC69-9E52-448B-86FD-2BC27C887C0A}" = lport=26097 | protocol=17 | dir=in | name=bitcomet 26097 udp |
    "{3C948010-EBDF-471E-8C55-39DF12A7581F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3DA6F40D-3B45-41A7-B493-7A1D9EACFB73}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3DE4157A-7904-4B03-B12A-8FEEC8604A78}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4FC09BD1-D3BA-4567-81E4-A2A63C0BA9FF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{52C450A0-D0B0-4A00-BE7F-8014B6714308}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{56C9048C-8CF3-4AA0-9072-FB5EA49E1B5D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{5CCE193D-8CD0-4718-9E42-FBCA229BE752}" = rport=138 | protocol=17 | dir=out | app=system |
    "{659853E9-E50A-469F-8019-03562A0EE640}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6E0489DA-4F65-47D7-9307-889AB5BBB2E9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6EFD7896-1F61-486C-8395-84BA4A528A4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{87E4AC70-6E93-4518-8688-B943BFDD2405}" = lport=445 | protocol=6 | dir=in | app=system |
    "{89A5191A-3BB2-435B-A28E-0273FB6D8CCF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{98B6F0BB-4B96-4FFD-B1D3-3E2DB43E36CD}" = lport=26097 | protocol=6 | dir=in | name=bitcomet 26097 tcp |
    "{C356046E-1E30-431F-89DB-BF2C1936BB26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{DDECE103-6CE3-4978-9976-9CF3ABD5DAEB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05515250-1C29-47D8-A6D3-8DA0E18923A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{060B3F17-4972-48F2-9669-8A4AA40FE317}" = protocol=6 | dir=in | app=hpqscnvw.exe |
    "{06B0D4B1-0D36-4432-B050-BF6FCC47DA4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{081310CC-0F2B-4020-A779-140FDFBBE203}" = protocol=6 | dir=in | app=hpqkygrp.exe |
    "{0AF8C80B-5356-483C-9D17-779492111C93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{156CEC9B-2CFF-47B9-8E38-7DE0C0F8EBE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{2BE3C0A0-0360-46BC-850E-231C4B7736E1}" = protocol=17 | dir=out | app=hpqtra08.exe |
    "{2CECADCB-954C-4360-8845-7651029E8E5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{2F5FA7DE-DE88-4D6F-8F86-5BB2B4F0B0A0}" = protocol=6 | dir=out | app=hpqkygrp.exe |
    "{2F9D03B5-E5B6-4BB4-96D9-02F72D841E2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{300F7BB0-B10C-4C1A-94F7-CDD2F644CB3A}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{31344BF4-4A59-4F50-AA5A-F2C9F4C7FA82}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{3233B098-E241-47C9-92A9-99336C6238FD}" = protocol=6 | dir=out | app=hpqste08.exe |
    "{34496B3A-99A6-469A-B1D2-90AE80E7D976}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{36077FCD-CDD7-47AB-92F3-FD542FC5CADC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{390EA6A0-B772-4430-899D-02FDC5970791}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{3E175CBC-43B7-4A9B-8A7B-3AD1293022C9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{3F4193B2-8F43-47EC-B240-714355EA68DB}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{400DC985-F45C-4DF0-ACAE-D7D4D1EB7568}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{4384E877-F1E1-4E24-AC16-DC966BFBB192}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4B2ED2D1-23C5-43DD-9948-DAD9575A0442}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4B3CC6C8-1566-49D6-A3FC-24AF0AB72033}" = protocol=17 | dir=out | app=hpqkygrp.exe |
    "{4C1F22CB-D508-48A2-BB52-75BE6A737921}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{4D687688-0722-4A03-88F7-E9857D3087EB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{574F261C-4B0F-4B2A-9F3A-6BB3355648DA}" = protocol=17 | dir=out | app=hpqthb08.exe |
    "{57F8C037-C2D4-43D8-B664-A97FF2629546}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{58B633F6-EC3C-4FC6-BE7A-67E8098C1704}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{59BA8AA5-954F-4BF8-9A96-FAAB0D161F1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{5BF5B9A9-FDAB-4518-AB3A-EFBEEC49310C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{62B4ED89-F6BF-4AA6-8CA6-5968F34D25F3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{630E24D5-3608-4106-9503-48CF82C956A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{67414295-8089-41D8-B1B2-41B36A1995D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{69C90695-2915-405C-8B4A-E7BC6291A1A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{69CD06BC-68C9-49B7-A968-CBA6D87872BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{6D8D335B-744D-4A83-88A8-3E2ECF5C2DA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{6EC1B51D-D92E-491F-A3CE-18E5F300E99B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{7096FA3B-5356-4463-87B0-7A39585B35DE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{73FE1D70-B6E3-4697-B48F-8C9914A2423E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{758A1B5B-9CC0-493E-BE1A-143A44B9AA53}" = protocol=17 | dir=in | app=hpqtra08.exe |
    "{783D7FB4-38F4-4BDC-8E09-299A14849140}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{78A8E729-9C83-447F-A6F3-A05AB5C0F891}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{79C0072F-CB73-402E-9708-43D4D7140E23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7BD5C9A3-F80E-4823-A13D-2599CE72E169}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{7F69B682-EB0B-4077-AFB1-7736A89C6BE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{835D8529-3967-454F-A2FB-B90689919F63}" = protocol=17 | dir=out | app=hpqscnvw.exe |
    "{8C9105CF-83B7-48E5-A83B-8FEE00893A5B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8D6F1544-AB6C-4B1B-AAA2-2D7EF611B67B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{98576D54-D6AE-4297-9F24-011D105B7812}" = protocol=6 | dir=in | app=hpqthb08.exe |
    "{98F0847E-ADC1-4E9F-8372-A8617F8EEB52}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{9C0122FA-B34D-45C5-ABD3-A9626683F2D6}" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\temp\7zs4a6b.tmp\symnrt.exe |
    "{9C736162-14F8-40F5-AB6E-56AAA95D628D}" = protocol=17 | dir=in | app=hpqscnvw.exe |
    "{9EDF72A1-9275-4F1E-B77B-862D57A9FFB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A11BEC3D-5BF3-4BBA-AD66-1C0231B4F528}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{A388965F-12F9-418D-B9B2-AC647F98FF91}" = protocol=17 | dir=in | app=hpqste08.exe |
    "{A6407D13-28C7-43D7-A830-D68CC44C9052}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AA3EF63B-2042-45E0-8123-A48001439816}" = dir=in | app=c:\users\acer\appdata\local\temp\7zs6dc2\setup\hpznui01.exe |
    "{AF684690-2FF5-4DDE-A5DE-B7A0EAF78476}" = protocol=17 | dir=in | app=hpqkygrp.exe |
    "{B00087A8-A28B-4666-85B9-A32635C087CF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{B4B4C451-14A2-413B-86F1-AFEC6B7362E0}" = protocol=17 | dir=out | app=hpqste08.exe |
    "{B5003794-71C4-43BF-866A-78A0A88DE987}" = protocol=6 | dir=out | app=hpqtra08.exe |
    "{BFC74E6C-F0A1-4E43-8CCE-4FC1B49CA5D9}" = protocol=6 | dir=out | app=hpqscnvw.exe |
    "{C520351A-EF28-4A2E-91CA-5CE7C6D7BE0A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{C5AB5562-7378-40EB-B76E-1F1E1C2FF64B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{D44E8714-E9C0-4266-9238-F48D4EA5E7B0}" = protocol=6 | dir=in | app=hpqste08.exe |
    "{D48A10A6-338B-405F-BBC9-9A359E223747}" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\temp\7zs4a6b.tmp\symnrt.exe |
    "{D7168FC6-97D9-4A15-B733-AB9481FBF59F}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{DD5CDE42-CFDC-4B79-A545-E6E1192AC83D}" = protocol=17 | dir=in | app=hpqthb08.exe |
    "{DDBE46C9-7BCE-4C29-9CCF-502260BB7E7A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{DE11CE3E-A4E0-4080-B529-8172E0BC4072}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DE7567F3-ED47-46B2-B02A-59BE967EAAAE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{E0630C0D-724C-48EC-BA2D-88AEF160741A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{EEDC7796-990B-42D9-B4B9-812167605532}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F05F5BA4-64E7-44F2-AAF6-DD3E11912837}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F23829D5-D719-4963-B065-D3399F1B210C}" = protocol=6 | dir=out | app=hpqthb08.exe |
    "{F9F00E00-6752-4C04-B6DB-DA7EBD30DF6D}" = protocol=6 | dir=in | app=hpqtra08.exe |
    "{FE98BFDB-6597-467F-8BBC-D319D242A686}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "TCP Query User{0F409F57-C449-4293-919A-415ACA44C916}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{125B469D-EA5D-48CA-9152-7971DC0132B3}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
    "TCP Query User{33D21B15-124E-4B92-8B2A-1936C8AC870E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{439FA366-D784-4EFE-BAA3-0DAC0C38892B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{461D1B9D-40D8-4142-9896-5F1E36EE597C}C:\program files\hexacto games\lemonade tycoon\lemonade.exe" = protocol=6 | dir=in | app=c:\program files\hexacto games\lemonade tycoon\lemonade.exe |
    "TCP Query User{4854BEC5-583C-4BBE-9491-828D3DBD350D}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{4D0B32E0-996E-44C4-9433-049651DD1E5D}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{61DBDB90-ED7F-4936-9AB4-D0C7A834F806}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{6754BC48-3B0D-4133-89BB-D6A2342A827F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{79392218-E7AE-4367-96BB-9568628891E3}C:\program files\super junior widget\kyochon_widget.exe" = protocol=6 | dir=in | app=c:\program files\super junior widget\kyochon_widget.exe |
    "TCP Query User{812CE30C-66B5-40BB-A94A-32901CF70314}C:\users\acer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{939DDD33-FD29-4BA5-9608-AC3E2E8D7E85}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{9C59F818-3519-46C5-B186-29DDEFE97DFF}E:\super junior widget\kyochon_widget.exe" = protocol=6 | dir=in | app=e:\super junior widget\kyochon_widget.exe |
    "TCP Query User{C4C2A67D-3B1A-4128-B62D-99B2309771B1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{D3D71D54-D6E3-43FF-BA99-3659E8D0E4AA}C:\users\acer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{DA965641-071D-4E51-AD67-14F8E093798B}C:\users\acer\desktop\super junior widget\kyochon_widget.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\super junior widget\kyochon_widget.exe |
    "TCP Query User{E3714196-A8A1-49E2-BBAC-7B5E34806AF4}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{FD878C07-333C-4E3E-8426-9F25584F91ED}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{09D39A86-82E4-4935-85CC-91F60185972E}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{19DE9AE1-C88B-46AE-B05F-8D807F6352B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{1EB41034-4DCE-4D18-B011-B15D1ED83498}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{29CF8522-F949-41B0-B828-E7CFE6298418}C:\users\acer\desktop\super junior widget\kyochon_widget.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\super junior widget\kyochon_widget.exe |
    "UDP Query User{440E045F-380C-43C5-9C7F-D826FE5DCE2A}E:\super junior widget\kyochon_widget.exe" = protocol=17 | dir=in | app=e:\super junior widget\kyochon_widget.exe |
    "UDP Query User{5A040526-6E62-433B-8122-0DE775963A1C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{66E4799C-332D-43C4-BD2D-3A6EAB5E2594}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{682ADB4E-1354-418F-B209-C3745B447F6A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{83219E07-E786-4FA5-9B67-D3819D059B4E}C:\program files\super junior widget\kyochon_widget.exe" = protocol=17 | dir=in | app=c:\program files\super junior widget\kyochon_widget.exe |
    "UDP Query User{8590A340-3282-4F8C-8F4F-F72ABFA0159B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{9232EBFF-46A7-4357-8B9E-22D2531E80D4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{941D5840-0C7E-486B-9FCF-87DCC1664EA2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{9E6E2C58-01D3-4859-97C0-6AEDBBF73B20}C:\users\acer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{B99420D8-D336-4339-B637-B0E574DB87CF}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{CAC999A5-423A-46AB-9086-88DC7BEB9E24}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
    "UDP Query User{E28EAC03-1B84-4104-A683-D6B434C5402E}C:\program files\hexacto games\lemonade tycoon\lemonade.exe" = protocol=17 | dir=in | app=c:\program files\hexacto games\lemonade tycoon\lemonade.exe |
    "UDP Query User{E53516EB-2AE8-499B-B666-861209189D98}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{EAECAE1D-2DCA-4F4E-9ACE-3117818471FB}C:\users\acer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
    "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
    "{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
    "{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B75BF4B6-1AB7-4C84-AEE7-D86837308F14}" = STATGRAPHICS Centurion XVI.I English Supplemental
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DE59A055-03C1-4FCE-9400-B76872DB5610}" = STATGRAPHICS Centurion XVI.I
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Audacity_is1" = Audacity 1.2.6
    "AVG" = AVG 2011
    "AviSynth" = AviSynth 2.5
    "BitComet" = BitComet 1.22
    "CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Creative Media Lite" = Creative Media Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo Creations" = HP Photo Creations
    "LimeWire" = LimeWire 5.5.8
    "LManager" = Launch Manager
    "MAGIX Music Maker 16 Premium Download Version UK" = MAGIX Music Maker 16 Premium Download Version
    "MAGIX Screenshare UK" = MAGIX Screenshare
    "MAGIX Speed burnR UK" = MAGIX Speed burnR
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Monopoly Here & Now Edition" = Monopoly Here & Now Edition
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
    "MpcStar" = MpcStar 5.1
    "MyCamera" = Canon Utilities MyCamera
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Videora iPod Converter" = Videora iPod Converter 5.04
    "VLC media player" = VLC media player 1.1.5
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
     
  12. laemon

    laemon TS Rookie Topic Starter

    OTL log

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Acer
    ->Temp folder emptied: 238093 bytes
    ->Temporary Internet Files folder emptied: 107706276 bytes
    ->Java cache emptied: 5334225 bytes
    ->FireFox cache emptied: 57916717 bytes
    ->Google Chrome cache emptied: 345332764 bytes
    ->Apple Safari cache emptied: 16384 bytes
    ->Opera cache emptied: 3823698 bytes
    ->Flash cache emptied: 478079 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 804 bytes
    ->Flash cache emptied: 519 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3306 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 497.00 mb


    [EMPTYFLASH]

    User: Acer
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 10092011_132342

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. laemon

    laemon TS Rookie Topic Starter

    Security Check

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    ``````````End of Log````````````
     
  14. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  15. laemon

    laemon TS Rookie Topic Starter

    ESET Scan log

    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Users\Acer\AppData\Local\TempImages\AutoUpdate.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
    C:\Users\Acer\Downloads\SoftonicDownloader_for_magix-music-maker.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
     
  16. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  17. laemon

    laemon TS Rookie Topic Starter

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Acer
    ->Temp folder emptied: 151028 bytes
    ->Temporary Internet Files folder emptied: 6097378 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 12256118 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 343 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 544 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYFLASH]

    User: Acer
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.29.1 log created on 10092011_163953

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Acer\AppData\Local\Temp\etilqs_3q6Db5m3MeNb4jt not found!

    Registry entries deleted on Reboot...
     
  18. laemon

    laemon TS Rookie Topic Starter

    Thanks Broni!

    Awesome, Broni. Thanks for helping me from beginning 'til the end. I'll be more cautious with my internet activities from now on, and this thread will be bookmarked so I could be reminded of this incident.

    I'll let you know if anything happens.

    Again, thank you! :D
     
  19. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
  20. laemon

    laemon TS Rookie Topic Starter

    Hi Broni,

    In response to "13. Please, let me know, how your computer is doing", my computer is running normally ever since you have helped me clean it. I installed the 30-day trial of AVG for further internet security. Apart from the annoying messages that always pop-up asking if I'm allowing Google Chrome or Plants vs Zombies to access the internet, I have no concerns about it.



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8142

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/11/2011 1:21:53 PM
    mbam-log-2011-11-11 (13-21-53).txt

    Scan type: Quick scan
    Objects scanned: 191291
    Time elapsed: 10 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  21. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Very well then :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.