Solved IC8D1A13...infection

AVG back up and running... firewalls activated... BUT the same window popped up in the middle of the screen while programs were loading after reboot (AVG was installed): backdoor trojan threat detected...????

I have to quit for the night, Broni... sorry man, and thanks for your continued support and putting up with me.
 
OTL logfile created on: 7/20/2012 5:22:02 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Randy Enns\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.77% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.80 Gb Total Space | 105.40 Gb Free Space | 75.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 7.95 Gb Free Space | 79.44% Space Free | Partition Type: NTFS

Computer Name: RANDY | User Name: Randy Enns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 17:19:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
PRC - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 13:04:48 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 09:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 23:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 09:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 09:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/01 13:28:14 | 001,545,144 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/09/06 14:23:52 | 000,542,064 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/02 03:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 03:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 03:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/19 14:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 02:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 19:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/16 14:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/06/01 00:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 23:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/27 11:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 13:04:59 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/10 13:04:48 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 09:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 09:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 19:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/02 03:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 03:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 16:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/23 17:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2004/09/09 19:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\Everio MediaBrowser 3\pxl_m17n_tool.dll
MOD - [2004/07/20 20:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2.dll -- (ZDCNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symndis.dll -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (X10UIF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_fltr.dll -- (WmXlCore)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zd1211u(zydas).dll -- (winpower)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viamraid.dll -- (websenseclientdeployservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zunenetworksvc.dll -- (wcontrol)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetdhcp.dll -- (w810bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regmon701.dll -- (w300mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (vxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (UxTuneUp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tcpip.dll -- (UVCFTR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525mdm.dll -- (usbcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Si3132r5.dll -- (ufad-ws60)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (tunnelguardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ndisipo.dll -- (TPECioCtl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (tomcatcws3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uiusys.dll -- (tb2launch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tiwlnsvc.dll -- (ssmdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acpiec.dll -- (ssm_mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbohci.dll -- (ss_bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnshay.dll -- (sqlagent$soshome22)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SDdriver.dll -- (sqlagent$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (SNTIE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\artourservice.dll -- (SiSRaid2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (se58mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smsmdd.dll -- (se58bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w300mdfl.dll -- (se44mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (se44bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MR97310_USB_DUAL_CAMERA.dll -- (sdhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpcnet.dll -- (s616obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616nd5.dll -- (s616mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FreeTdi.dll -- (s116bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\perc2hib.dll -- (roxupnprenderer)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\awservice.dll -- (rnadirectory)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RadProbe.dll -- (REVOSENS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msftesql.dll -- (REVO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rdnaoflsvc.dll -- (retroexplauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symredrv.dll -- (raysatxsi5_0server)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\orbpvr.dll -- (RapiMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensecamserver.dll -- (qbposdbservices)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HabuFltr.dll -- (ps2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWSAP.dll -- (procdd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (PID_08A0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_fltr.dll -- (pdlnemap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (pdlncfwk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshasp.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{95808DC4-FA4A-4c74-92FE-5B863F82066B}.dll -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mdfl.dll -- (obvious)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\L8042mou.dll -- (mwstick)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NMSSvc.dll -- (mwssched)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\delldmi.dll -- (mssql$microsoftsmlbiz)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqarray.dll -- (MSMQ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rtport.dll -- (MSICPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (mrvw245)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epgspooler.dll -- (mozyFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\haspnt.dll -- (mclogmanagerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsbus.dll -- (mcdetect.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\syslogd.dll -- (McciCMService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LRMINIPORT.dll -- (mcafeeframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (lxct_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sentinelprotectionserver.dll -- (lgsnd_filter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicconfigsvc.dll -- (KR10N)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525mdfl.dll -- (kodakccs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\V0070VID.dll -- (kerbkey)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtfilter.dll -- (k750bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z800mdm.dll -- (JRAID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaD10BA.dll -- (igniteservice.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgsvcgen.dll -- (iaimfp4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SlNtHal.dll -- (hwpsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IntuitUpdateService.dll -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UBHelper.dll -- (gdihook5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slssvc.dll -- (FINEPIX_PCC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PD0620VID.dll -- (dphost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetTcpActivator.dll -- (dot4ufd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\defragfs.dll -- (d-link_st3402)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecalertserver.dll -- (Defrag32b)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usb20l.dll -- (datunidr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\savscan.dll -- (cvspydr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\splitter.dll -- (cpqfws2e)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmudau.dll -- (cpqdfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mdm.dll -- (ccalib8)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpntsrv.dll -- (captureservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccproxy.dll -- (btwdins)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RTL8023xp.dll -- (btkrnl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiSRaid.dll -- (btfirst)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (BoiHwsetup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igniteservice.exe.dll -- (backupexecalertserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonywbms.dll -- (avinitnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsndres.dll -- (ATMsrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (amfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vds.dll -- (adihdaudaddservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032M.dll -- (adfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (aamqdispatcher)
SRV - [2012/07/17 17:35:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 13:04:56 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 09:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/07 12:30:28 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/02 09:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/23 13:55:56 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2006/02/07 19:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 11:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 09:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 09:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 09:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 09:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 04:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 04:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 04:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/10 10:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/06 00:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/04/03 00:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/02 04:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/30 19:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/04 18:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/12 20:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/29 21:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/06/01 14:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=107&systemid=2&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 12 05 11 4A 64 CB 01 [binary data]
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=913FF6F9-1C2E-4E95-86B6-EF77640CFA6D
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...786bf9d4bd1&lang=en&ds=AVG&pr=fr&d=2012-01-25 08:47:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=107&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{F87677B9-16BF-4098-8031-ED3F0C7DE392}: "URL" = http://search.avg.com/?d=4d537ace&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\SearchScopes\{F901F1B7-8A11-4814-9AD0-980571FEE566}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://canuckscorner.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 13:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 17:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/12 16:00:35 | 000,000,000 | ---D | M]

[2011/08/05 20:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Extensions
[2010/10/25 20:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/07/16 11:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions
[2010/05/26 23:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/16 11:44:52 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/05 20:28:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2010/10/29 08:11:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml
[2010/02/24 11:05:27 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\bing.xml
[2011/08/05 20:27:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\SearchResults.xml
[2012/07/12 16:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/22 17:37:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/10 13:05:11 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.12
[2011/07/25 16:47:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/17 17:35:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/25 16:47:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/10 13:04:35 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/23 13:30:07 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/07/12 16:00:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/05 20:27:48 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/07/12 16:00:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/19 21:56:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor 3.lnk = C:\Program Files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{762FBD51-8777-4DD8-B6E4-C3C9D20C54D2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Randy Enns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Randy Enns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 18:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 17:19:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
[2012/07/19 22:26:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/19 21:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/19 20:31:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/19 20:29:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/19 20:29:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/19 20:29:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/19 20:29:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/19 20:13:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 20:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/19 19:55:15 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Randy Enns\Desktop\ComboFix.exe
[2012/07/18 23:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Desktop\compfix
[2012/07/18 21:01:05 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/07/18 20:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Application Data\Malwarebytes
[2012/07/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/18 20:15:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/18 20:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/14 21:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/07/14 16:12:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Randy Enns\Recent
[2012/07/12 22:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums_files
[2012/07/12 16:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/12 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/11 14:07:20 | 000,000,000 | ---D | C] -- C:\3359bb307089d46d58a69cb8
[2012/07/11 14:06:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/11 13:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\AVG Secure Search
[2012/07/07 11:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy Enns\Application Data\AVG Secure Search
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 17:29:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/20 17:19:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Enns\Desktop\OTL.exe
[2012/07/20 17:08:54 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/07/20 17:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/20 17:08:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/07/20 17:06:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 17:06:41 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 12:11:36 | 101,781,069 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/19 21:56:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/19 20:32:01 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/07/19 19:55:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Randy Enns\Desktop\ComboFix.exe
[2012/07/18 20:15:55 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 12:45:39 | 000,445,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 12:45:39 | 000,073,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/14 20:18:46 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\cdrescue.vbs
[2012/07/12 22:28:59 | 000,094,028 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums.htm
[2012/07/12 16:02:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 13:20:52 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/07/12 13:09:24 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 18:48:00 | 000,312,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/07 16:47:11 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Desktop\bobo.bmp
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/19 21:54:33 | 2145,439,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/19 20:32:01 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/07/19 20:31:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/19 20:29:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/19 20:29:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/19 20:29:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/19 20:29:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/19 20:29:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/18 20:15:55 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 20:18:46 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\cdrescue.vbs
[2012/07/12 22:28:58 | 000,094,028 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\TechSpot Forums.htm
[2012/07/12 16:00:36 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/07 16:47:07 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Desktop\bobo.bmp
[2012/04/07 19:10:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/12 11:40:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/12/29 20:39:49 | 000,258,348 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\rx_image32.Cache
[2008/05/20 20:46:41 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Application Data\sdi.db
[2008/01/12 23:06:59 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/25 12:02:40 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/14 11:47:09 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Randy Enns\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========
 
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
[2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
[2012/07/12 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/25 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/25 11:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/07/24 18:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/08/16 18:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/02/10 00:41:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/04 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2012/04/07 18:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/07/20 12:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/10/15 11:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/03/31 18:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Print2RDP Client
[2011/07/25 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/12/29 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/07/24 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2008/12/29 20:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/16 18:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{309C802B-A076-4563-B164-B62C0C145153}
[2011/02/11 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/26 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\toshiba
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser.RANDY\Application Data\toshiba
[2008/12/27 19:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\585Soft
[2012/07/07 11:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG Secure Search
[2012/01/25 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG2012
[2011/07/25 16:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\BabylonToolbar
[2011/07/25 16:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\bsbandmltbpi
[2009/06/26 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Citrix
[2011/01/01 22:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\FrostWire
[2012/03/18 14:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\ICAClient
[2009/05/12 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\InterVideo
[2011/12/12 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\mediabarbs
[2007/02/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\MSNInstaller
[2011/07/25 16:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\OpenCandy
[2007/02/13 23:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Opera
[2008/12/27 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\RhinoSoft.com
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\toshiba
[2010/11/09 20:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Uniblue
[2010/12/03 22:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Windows Live Writer
[2007/02/18 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\MSNInstaller
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\toshiba
[2012/01/25 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG Secure Search
[2012/01/25 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG2012
[2011/09/23 13:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\Babylon
[2011/09/08 12:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\BabylonToolbar
[2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\bsbandmltbpi
[2012/03/16 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\FrostWire
[2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\mediabarbs
[2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\toshiba
[2012/07/20 17:08:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2012/07/20 17:29:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream

< End of report >
 
There is not a file named extras.text and an error message popped up:

win32error code 1500
event log file is corrupted
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
    PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2010/10/29 08:11:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - Startup: C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk = File not found
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
    [2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream
    
    :Files
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Lost the copy & paste code and had no internet to retrieve it so now I connect normal copied code to desktop so I can put it in OTL and click Run Fix
 
All processes killed
========== OTL ==========
Service superproserver stopped successfully!
Service superproserver deleted successfully!
File %systemroot%\system32\MRV6X32P.dll not found.
No active process named Updater.exe was found!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\131C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\1A399 folder moved successfully.
ADS C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LogMeInRemoteUser.RANDY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 27621 bytes
->Flash cache emptied: 15571 bytes

User: Randy Enns
->Temp folder emptied: 20427808 bytes
->Temporary Internet Files folder emptied: 755301 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75541954 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2185 bytes

User: Tana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tana Lynn
->Temp folder emptied: 1190419 bytes
->Temporary Internet Files folder emptied: 1264013 bytes
->Java cache emptied: 6058897 bytes
->FireFox cache emptied: 94665085 bytes
->Flash cache emptied: 96726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68875 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 191.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService

User: LogMeInRemoteUser

User: LogMeInRemoteUser.RANDY

User: NetworkService
->Java cache emptied: 0 bytes

User: Randy Enns
->Java cache emptied: 0 bytes

User: Tana

User: Tana Lynn
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService

User: LogMeInRemoteUser

User: LogMeInRemoteUser.RANDY

User: NetworkService
->Flash cache emptied: 0 bytes

User: Randy Enns
->Flash cache emptied: 0 bytes

User: Tana

User: Tana Lynn
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07202012_205126

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.0
CCleaner (remove only)
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgemc.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 19-07-2012
Ran by Randy Enns (administrator) on 20-07-2012 at 21:04:52
Running from "C:\Documents and Settings\Randy Enns\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) fssfltr(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
 
C:\Documents and Settings\Randy Enns\Application Data\OpenCandy\OpenCandy_1198725F1E3F46B0A8223DEE8E9FDA34\registrybooster(1).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Documents and Settings\Randy Enns\Desktop\computerprograms\noadware.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Randy Enns\Desktop\Tana\Tana Lynn\My Documents\FlvPlayerSetup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent(2).exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Tana Lynn\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_22.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_36.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_4.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_84.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_32.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_34.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_39.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_75.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_13.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_30.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_80.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_88.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133144.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133145.exe multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133146.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133147.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133148.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133149.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133150.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133151.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133152.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133153.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133154.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133155.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133156.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133157.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133158.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133159.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133160.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133161.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133162.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133163.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133164.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133165.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133166.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133167.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
Operating memory a variant of Win32/Toolbar.SearchSuite application



*I think it said 50 of 51 fixed
 