Solved Laptop running painfully slow

mikeyj67

Laptop started running very slow the past couple of days. Norton and Mbam do not find anything in their scans. Do you think I am infected based on the logs?



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Johnson :: JOHNSON-77F3B3C [administrator]

1/18/2013 5:45:54 PM
mbam-log-2013-01-18 (17-45-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224446
Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)








DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by Johnson at 17:48:06 on 2013-01-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.808 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uProxyOverride = ;192.168.*.*
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\johnson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Nike+ Connect] "c:\documents and settings\johnson\local settings\application data\nike\nike+ connect\Nike+ Connect daemon.exe"
uRun: [Updater21804.exe] c:\documents and settings\johnson\local settings\application data\updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SmAudio] c:\program files\conexant\smartaudio\SmAudio.exe -c
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NWEReboot] <no file>
StartupFolder: c:\docume~1\johnson\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357792319234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE} : DHCPNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\
FF - prefs.js: browser.startup.homepage - comcast.net/a
FF - plugin: c:\documents and settings\johnson\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-01-13 18:45; extension21804@extension21804.com; c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
FF - ExtSQL: 2013-01-13 19:13; wecarereminder@bryan; c:\documents and settings\johnson\application data\mozilla\firefox\profiles\hsif6t0m.default\extensions\wecarereminder@bryan
FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-9-13 299280]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-2 132056]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.11.20\ccSvcHst.exe [2011-8-31 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-2-24 1294904]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-2-24 656440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20130117.001\IDSXpx86.sys [2013-1-17 373728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-18 40776]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20130118.007\NAVENG.SYS [2013-1-18 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20130118.007\NAVEX15.SYS [2013-1-18 1603824]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-12-10 13312]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e338756ac4d8;Google Update Service (gupdate1c9e338756ac4d8);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-12 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-8-13 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-2-24 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2007-6-7 148056]
S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [2007-9-20 9728]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-11-24 9472]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-12 181432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-24 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-12-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-12-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-12-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-12-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-12-5 25704]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-01-19 00:45:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-18 20:03:41 -------- d-----w- C:\N360_BACKUP
2013-01-14 01:45:33 -------- d-----w- c:\documents and settings\johnson\local settings\application data\Updater21804
2013-01-14 01:44:42 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
2013-01-14 01:44:23 -------- d-----w- c:\program files\Coupon Companion Plugin
2013-01-10 18:27:45 -------- d-sh--w- c:\documents and settings\johnson\IETldCache
2013-01-10 05:50:59 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-10 05:49:51 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-01-10 05:49:15 -------- d-----w- c:\windows\ie8updates
2013-01-10 05:48:28 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-01-10 05:48:28 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-01-10 05:48:28 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-01-10 05:44:41 -------- dc-h--w- c:\windows\ie8
2013-01-10 05:06:24 -------- d-----w- c:\windows\system32\winrm
2013-01-10 05:06:20 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-01-10 05:01:53 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-01-10 05:01:53 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2013-01-10 05:01:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-01-10 05:01:53 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2013-01-10 05:01:53 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2013-01-10 05:01:53 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-01-10 05:01:53 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2013-01-10 05:01:53 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
==================== Find3M ====================
.
2013-01-09 16:46:37 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 16:46:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 16:46:31 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 17:50:56.78 ===============
 
Hi there, let's run the following:

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
# AdwCleaner v2.106 - Logfile created 01/19/2013 at 12:15:20
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Johnson - JOHNSON-77F3B3C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Johnson\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\wecarereminder@bryan

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\iWon
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1358127831);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1358127831");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1358127831");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Sat Jan 19 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sun Jan 20 201[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358622266");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221357677761%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677915%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1358129719099");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22130781%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358129665118");
Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "15");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sat Jan [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 6);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 12);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 15);
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "1350d081d88acb86215598cfe049596a");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1358129641);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22643667);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22643708);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19827 octets] - [19/01/2013 12:10:17]
AdwCleaner[S2].txt - [19845 octets] - [19/01/2013 12:15:20]

########## EOF - C:\AdwCleaner[S2].txt - [19906 octets] ##########
 
Can't find MBR.dat
















~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.5 (01.19.2013:1)
OS: Microsoft Windows XP x86
Ran by Johnson on Sat 01/19/2013 at 20:14:43.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\smallfrogs studio



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Johnson\Application Data\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\prefs.js

user_pref("extensions.crossrider.bic", "1350d081d88acb86215598cfe049596a");
user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1358651063);
user_pref("extensions.crossriderapp21804.21804.active", true);
user_pref("extensions.crossriderapp21804.21804.addressbar", "");
user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
user_pref("extensions.crossriderapp21804.21804.backgroundver", 4);
user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1358651063");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1358651063");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Sat Jan 19 2013 20:13:58 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Sat Jan 26 2013 20:08:58 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1358651642");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221357677761%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22100086%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22100086%
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221357677761%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22133177%22");
user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358651336930");
user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
user_pref("extensions.crossriderapp21804.21804.domain", "");
user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
user_pref("extensions.crossriderapp21804.21804.group", 0);
user_pref("extensions.crossriderapp21804.21804.homepage", "");
user_pref("extensions.crossriderapp21804.21804.iframe", false);
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "15");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sun Jan 20 2013 02:04:25 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:
user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
user_pref("extensions.crossriderapp21804.21804.newtab", "");
user_pref("extensions.crossriderapp21804.21804.opensearch", "");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 12);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(d){console.log(d)},fac
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 6);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * http://jquery.com/\n
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);}
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,22,72,1000014,28");
user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp21804.21804.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21804/plugins/087/ff/plugins.json");
user_pref("extensions.crossriderapp21804.21804.pluginsversion", 12);
user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
user_pref("extensions.crossriderapp21804.21804.thankyou", "");
user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
user_pref("extensions.crossriderapp21804.21804.ver", 15);
user_pref("extensions.crossriderapp21804.apps", "21804");
user_pref("extensions.crossriderapp21804.bic", "1350d081d88acb86215598cfe049596a");
user_pref("extensions.crossriderapp21804.cid", 21804);
user_pref("extensions.crossriderapp21804.firstrun", false);
user_pref("extensions.crossriderapp21804.hadappinstalled", true);
user_pref("extensions.crossriderapp21804.installationdate", 1358651063);
user_pref("extensions.crossriderapp21804.lastcheck", 22644184);
user_pref("extensions.crossriderapp21804.lastcheckitem", 22644189);
user_pref("extensions.crossriderapp21804.modetype", "production");
user_pref("extensions.crossriderapp21804.reportInstall", true);
user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Documents and Settings\Johnson\Application Data\mozilla\firefox\profiles\hsif6t0m.default\minidumps [59 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/19/2013 at 20:27:01.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 21:35:30
-----------------------------
21:35:30.843 OS Version: Windows 5.1.2600 Service Pack 3
21:35:30.843 Number of processors: 2 586 0x301
21:35:30.843 ComputerName: JOHNSON-77F3B3C UserName: Johnson
21:35:32.859 Initialize success
21:35:47.171 AVAST engine defs: 13011901
21:36:10.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
21:36:10.359 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
21:36:10.390 Disk 0 MBR read successfully
21:36:10.390 Disk 0 MBR scan
21:36:10.453 Disk 0 Windows XP default MBR code
21:36:10.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
21:36:10.468 Disk 0 scanning sectors +625121280
21:36:10.609 Disk 0 scanning C:\WINDOWS\system32\drivers
21:36:37.609 Service scanning
21:37:17.187 Modules scanning
21:37:38.187 AVAST engine scan C:\WINDOWS
21:38:31.265 AVAST engine scan C:\WINDOWS\system32
21:46:13.843 AVAST engine scan C:\WINDOWS\system32\drivers
21:47:40.546 AVAST engine scan C:\Documents and Settings\Johnson
22:09:49.515 AVAST engine scan C:\Documents and Settings\All Users
22:28:28.671 Scan finished successfully
22:42:09.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Johnson\Desktop\MBR.dat"
22:42:09.406 The log file has been saved successfully to "C:\Documents and Settings\Johnson\Desktop\aswMBR.txt"
 
ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double-click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 13-01-17.04 - Johnson 01/20/2013 15:56:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1720 [GMT -7:00]
Running from: c:\documents and settings\Johnson\Desktop\Laptop Fix\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804\Updater21804.exe
c:\documents and settings\Johnson\My Documents\~WRL0535.tmp
c:\documents and settings\Johnson\My Documents\~WRL0821.tmp
c:\documents and settings\Johnson\My Documents\~WRL2404.tmp
c:\documents and settings\Johnson\My Documents\~WRL3040.tmp
c:\documents and settings\Johnson\My Documents\~WRL3103.tmp
c:\documents and settings\Johnson\My Documents\~WRL3107.tmp
c:\documents and settings\Johnson\My Documents\~WRL3623.tmp
c:\documents and settings\Johnson\My Documents\~WRL4007.tmp
c:\documents and settings\Johnson\Recent\Thumbs.db
c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-20 03:14 . 2013-01-20 03:14 -------- d-----w- c:\windows\ERUNT
2013-01-20 02:43 . 2013-01-20 03:14 -------- d-----w- C:\JRT
2013-01-19 00:45 . 2013-01-19 00:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-18 20:03 . 2013-01-18 20:03 -------- d-----w- C:\N360_BACKUP
2013-01-14 01:45 . 2013-01-14 01:45 -------- d-----w- c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804
2013-01-14 01:44 . 2013-01-20 23:05 -------- d-----w- c:\program files\Coupon Companion Plugin
2013-01-10 18:27 . 2013-01-10 18:27 -------- d-sh--w- c:\documents and settings\Johnson\IETldCache
2013-01-10 10:18 . 2013-01-10 10:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-01-10 05:50 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-10 05:49 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-01-10 05:48 . 2012-11-01 12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-01-10 05:48 . 2012-11-01 12:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-01-10 05:44 . 2013-01-10 05:48 -------- dc-h--w- c:\windows\ie8
2013-01-10 05:06 . 2013-01-10 05:06 -------- d-----w- c:\windows\system32\winrm
2013-01-10 05:06 . 2013-01-10 05:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-01-10 05:01 . 2012-11-01 12:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-01-10 05:01 . 2012-11-01 12:17 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-01-10 05:01 . 2012-11-01 00:34 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2013-01-10 05:01 . 2009-03-08 11:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2013-01-10 05:01 . 2009-03-08 11:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2013-01-10 05:01 . 2009-02-07 04:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2013-01-09 01:17 . 2013-01-09 19:43 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 16:46 . 2012-03-28 22:06 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 16:46 . 2011-07-26 02:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 16:46 . 2012-12-12 14:46 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-16 12:23 . 2004-08-04 07:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 23:49 . 2009-06-21 16:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-04 06:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:29 . 2012-11-08 18:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 07:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2013-01-19 06:05 . 2013-01-19 06:04 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\a_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2012-09-04 14:54 730552 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-09 94208]
"Nike+ Connect"="c:\documents and settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-07-24 3495240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-11-27 70656]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Johnson\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-12-10 473616]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-6 83360]
MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [2012-9-4 56760]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-2-24 562232]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-23 14:58 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [10/31/2011 1:11 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [10/31/2011 1:11 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130111.001\BHDrvx86.sys [1/15/2013 11:23 AM 995488]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [9/13/2012 9:35 PM 299280]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [10/31/2011 1:11 PM 485512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [10/31/2011 1:11 PM 116784]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 2:00 PM 214896]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 1:11 PM 126400]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [9/2/2012 5:20 PM 132056]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 1:25 PM 87040]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe [8/31/2011 2:52 PM 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2/24/2012 6:02 AM 1294904]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2/24/2012 6:02 AM 656440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/13/2012 8:31 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130118.001\IDSXpx86.sys [1/18/2013 6:05 PM 373728]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [6/3/2008 8:30 AM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [7/17/2008 4:01 PM 269760]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/10/2010 7:42 PM 13312]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 7:19 AM 15544]
S2 gupdate1c9e338756ac4d8;Google Update Service (gupdate1c9e338756ac4d8);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2009 9:13 PM 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/12/2012 7:22 PM 80184]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [8/13/2012 4:52 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 5:01 PM 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/18/2013 5:45 PM 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/24/2012 4:32 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [6/7/2007 4:00 PM 148056]
S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [9/20/2007 2:59 PM 9728]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [11/24/2009 2:35 PM 9472]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/12/2012 7:22 PM 181432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/24/2010 9:44 PM 11520]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [12/5/2012 7:00 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [12/5/2012 7:00 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [12/5/2012 7:00 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [12/5/2012 7:01 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [12/5/2012 7:01 PM 25704]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 16:46]
.
2013-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 05:15]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 04:13]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 04:13]
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core.job
- c:\documents and settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 20:04]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA.job
- c:\documents and settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 20:04]
.
2013-01-19 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-01-20 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-01-19 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-01-17 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
- c:\program files\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-09-03 01:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\
FF - ExtSQL: 2013-01-13 18:45; extension21804@extension21804.com; c:\documents and settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Updater21804.exe - c:\documents and settings\Johnson\Local Settings\Application Data\Updater21804\Updater21804.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-20 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1200)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
c:\program files\MiMedia LLC\MiMedia\sqlite3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\CbFsNetRdr3.dll
c:\program files\Common Files\Ahead\lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\lib\MFC71U.DLL
c:\windows\system32\nvwddi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\qedit.dll
c:\program files\Common Files\Ahead\DSFilter\NeVideo.ax
c:\program files\Common Files\Ahead\lib\AdvrCntr2.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-01-20 18:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 01:25
.
Pre-Run: 269,793,783,808 bytes free
Post-Run: 270,279,970,816 bytes free
.
- - End Of File - - B7FE83891869E7CC4CAF0B114336F8CA
 
TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click the Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Johnson [Admin rights]
Mode : Scan -- Date : 01/21/2013 15:19:09

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1454471165-1383384898-682003330-1003[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A7B8F30)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A7BAC10)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A9B7660)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A9B84D0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A8A22B0)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x889EAC50)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x889E9008)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A7ED8A8)
SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A990A70)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A8B25D0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A9B5C00)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A7B60E0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A7B70C0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A8566B0)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x889EAF70)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A99E5C0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A884138)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A7B8560)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A9A4890)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A8573E0)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x889EA608)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A7BE968)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7E2390)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7DB7C8)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x8A9A4998)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A986C98)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7D0CB0)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A7C0150)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7D1600)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A7E2468)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A8D3458)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A7AC950)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A82DE50)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A7A6D90)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89238630)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AA9AFC0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89F5AAA0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A6E4700)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8934F6F8)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A8D31A8)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A6E54E8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS +++++
--- User ---
[MBR] 10ba8d301134e239f8024379f2e54387
[BSP] e155bb5a4598d638674f82dd34d32b12 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01212013_02d1519.txt >>
RKreport[1]_S_01212013_02d1519.txt



RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Johnson [Admin rights]
Mode : Remove -- Date : 01/21/2013 15:22:55

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe") -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A7B8F30)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A7BAC10)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A9B7660)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A9B84D0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A8A22B0)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x889EAC50)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x889E9008)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A7ED8A8)
SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A990A70)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A8B25D0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A9B5C00)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A7B60E0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A7B70C0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A8566B0)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x889EAF70)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A99E5C0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A884138)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A7B8560)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A9A4890)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A8573E0)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x889EA608)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A7BE968)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A7E2390)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7DB7C8)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x8A9A4998)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A986C98)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A7D0CB0)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A7C0150)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A7D1600)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A7E2468)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A8D3458)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A7AC950)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A82DE50)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A7A6D90)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89238630)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AA9AFC0)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89F5AAA0)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A6E4700)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8934F6F8)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A8D31A8)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A6E54E8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS +++++
--- User ---
[MBR] 10ba8d301134e239f8024379f2e54387
[BSP] e155bb5a4598d638674f82dd34d32b12 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01212013_02d1522.txt >>
RKreport[1]_S_01212013_02d1519.txt ; RKreport[2]_D_01212013_02d1522.txt





RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Johnson [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/21/2013 15:27:32

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Nike+ Connect daemon.exe -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 12 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 215 / Fail 0
My documents: Success 18 / Fail 18
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 80 / Fail 9
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+3 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_01212013_02d1527.txt >>
RKreport[1]_S_01212013_02d1519.txt ; RKreport[2]_D_01212013_02d1522.txt ; RKreport[3]_SC_01212013_02d1527.txt
 

Attachments

  • TDSSKiller.2.8.15.0_21.01.2013_15.02.19_log.txt
    214.7 KB
OTL logfile created on: 1/21/2013 3:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Johnson\Desktop\Laptop Fix
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.88% Memory free
4.59 Gb Paging File | 3.83 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 251.78 Gb Free Space | 84.47% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-77F3B3C | User Name: Johnson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 14:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix\OTL.exe
PRC - [2012/11/26 17:56:36 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012/09/04 07:54:02 | 000,056,760 | ---- | M] (MiMedia LLC) -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
PRC - [2012/08/24 07:23:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/03 12:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/02/24 06:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/02/24 06:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/02/24 06:02:26 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/03/16 16:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
PRC - [2010/11/17 11:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/03/18 14:37:08 | 000,145,264 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buvss.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 14:37:36 | 003,495,240 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SMAUDIO.EXE
PRC - [2005/09/09 12:26:06 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 22:41:38 | 002,405,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\93cb94f8a357f49b5da159a74425b77d\System.Web.Extensions.ni.dll
MOD - [2013/01/09 22:41:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\610f66c312830e9aae20c0258b8603dd\System.Web.Abstractions.ni.dll
MOD - [2013/01/09 22:41:29 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll
MOD - [2013/01/09 22:41:17 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013/01/09 22:41:04 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/09 22:40:44 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 22:40:14 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
MOD - [2013/01/09 22:38:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 22:38:00 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll
MOD - [2013/01/09 22:37:45 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll
MOD - [2013/01/09 22:37:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 22:37:07 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\91442e74da926f6b2c33b5754014940d\System.IdentityModel.ni.dll
MOD - [2013/01/09 22:32:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 22:32:45 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/09 22:32:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 22:32:13 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013/01/09 22:32:06 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013/01/09 22:31:06 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 22:30:58 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 03:43:38 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/01/09 03:43:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/09/04 07:54:02 | 000,945,592 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_UI.dll
MOD - [2012/09/04 07:54:02 | 000,910,776 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\System.Data.SQLite.dll
MOD - [2012/09/04 07:54:02 | 000,453,560 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\sqlite3.dll
MOD - [2012/09/04 07:54:02 | 000,243,640 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_DAL.dll
MOD - [2012/09/04 07:54:02 | 000,105,912 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_Core.dll
MOD - [2012/09/04 07:54:02 | 000,074,168 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_BLL.dll
MOD - [2012/09/04 07:54:02 | 000,028,088 | ---- | M] () -- C:\Program Files\MiMedia LLC\MiMedia\MiMedia_OS.dll
MOD - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/11/17 11:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/18 23:05:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 09:46:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 07:23:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 12:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/02/24 06:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/02/24 06:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2011/03/16 16:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Johnson\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/01/18 17:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/16 08:09:35 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130120.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 08:09:34 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130120.018\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/23 16:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130111.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130118.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/08 21:01:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 21:01:49 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/25 22:18:32 | 000,299,280 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011/12/07 21:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/12/07 21:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/05 21:06:15 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/09/02 16:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/06/22 17:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/05/21 08:01:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
DRV - [2010/04/05 22:23:10 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/05 22:23:10 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/13 12:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/08/25 02:22:00 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 10:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 10:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/17 16:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/06/03 08:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/04/27 09:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/22 06:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/02/08 08:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/04 16:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/18 13:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/20 14:59:36 | 000,009,728 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\palmmdm.sys -- (palmmdm)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/07 16:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA004Afx.sys -- (OA004Afx)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 13:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2003/11/30 19:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/"
FF - prefs.js..extensions.enabledAddons: MulticolumnBookmarks%40Maxim.Kudimov:1.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\4.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/24 09:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2013/01/20 16:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/26 19:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 20:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 18:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/10 11:34:27 | 000,000,000 | ---D | M]
 
[2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions
[2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/07 08:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/01/19 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions
[2012/10/03 10:21:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/22 17:40:30 | 000,000,000 | ---D | M] (Column Bookmarks FF3) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\ColumnBookmarksFF3@dischert.luc
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2011/06/29 08:58:46 | 000,005,563 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\MulticolumnBookmarks@Maxim.Kudimov.xpi
[2012/09/09 12:26:54 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/01/18 23:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 23:05:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/20 12:30:34 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/24 19:03:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/12 08:39:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:48:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/20 18:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiMedia.lnk = C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe (MiMedia LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Johnson\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357792319234 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Johnson/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 00:26:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\RK_Quarantine
[2013/01/20 20:12:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/20 18:27:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\PrivacIE
[2013/01/20 15:53:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/20 15:53:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/20 15:53:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/20 15:53:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/20 15:52:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/20 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix
[2013/01/19 20:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/19 19:43:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/18 23:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/18 17:45:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/18 13:03:41 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/01/13 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Updater21804
[2013/01/13 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
[2013/01/12 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\My Documents\scienceposter
[2013/01/11 09:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\basket
[2013/01/10 11:27:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\IETldCache
[2013/01/09 22:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/01/09 22:44:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/01/09 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/01/09 22:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/01/09 22:06:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/01/09 22:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2013/01/09 22:01:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/01/09 21:59:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2013/01/09 21:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2013/01/09 21:58:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2013/01/08 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

========== Files - Modified Within 30 Days ==========

[2013/01/21 15:26:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 15:24:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA.job
[2013/01/21 14:58:15 | 000,020,063 | ---- | M] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
[2013/01/21 14:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/21 12:48:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/21 07:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 03:24:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core.job
[2013/01/20 20:57:44 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\PC Checkup 3 Weekly Scan.job
[2013/01/20 20:19:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/01/20 18:24:54 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/20 18:14:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/20 18:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/20 16:33:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2013/01/20 16:09:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/19 16:33:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2013/01/19 16:33:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2013/01/18 17:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/13 18:40:28 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Johnson\default.pls
[2013/01/11 11:23:31 | 000,239,072 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
[2013/01/11 08:25:17 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 08:25:16 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\Google Chrome.lnk
[2013/01/10 11:27:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/09 23:00:50 | 000,524,404 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 23:00:50 | 000,095,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 22:51:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/09 12:47:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 20:48:37 | 000,023,985 | ---- | M] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg

========== Files Created - No Company Name ==========

[2013/01/21 14:58:14 | 000,020,063 | ---- | C] () -- C:\Documents and Settings\Johnson\My Documents\homework3-2.odt
[2013/01/20 15:53:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/20 15:53:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/20 15:53:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/20 15:53:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/20 15:53:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/11 11:23:31 | 000,239,072 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\ring_sizing_guide_US_2012.pdf
[2013/01/10 11:27:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/09 21:46:26 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/01/07 20:48:36 | 000,023,985 | ---- | C] () -- C:\Documents and Settings\Johnson\Desktop\SLR.jpg
[2012/09/09 16:13:29 | 000,298,062 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-1383384898-682003330-1003-0.dat
[2012/09/02 21:52:07 | 000,173,974 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/06/28 18:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xscan.INI
[2012/03/25 22:10:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/14 22:48:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 13:51:10 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/03 13:51:05 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/03 13:51:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/09/26 15:39:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 11:36:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/04 19:13:08 | 000,006,431 | ---- | C] () -- C:\Documents and Settings\Johnson\Application Data\Cabos.plist
[2009/11/10 18:29:52 | 000,000,040 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/24 10:48:40 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 08:36:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Johnson\Local Settings\Application Data\fusioncache.dat
[2009/05/16 22:28:11 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Johnson\default.pls

========== ZeroAccess Check ==========

[2009/05/15 20:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/10/31 04:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/22 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/12/03 12:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiMedia
[2012/05/25 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2012/01/12 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/11/10 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/03/15 08:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/12/23 20:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\.minecraft
[2012/01/21 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Cabos
[2011/07/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Catalina Marketing Corp
[2010/11/16 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/26 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\DDMSettings
[2012/03/06 21:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\FrostWire
[2010/08/22 19:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\GARMIN
[2012/03/26 08:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HotSync
[2012/11/14 03:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC
[2012/08/15 10:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/03/15 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\ImgBurn
[2012/01/21 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\LimeWire
[2012/02/24 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Motorola
[2011/07/25 19:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\MP3Rocket
[2012/09/12 19:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\OpenOffice.org
[2012/01/01 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\redsn0w
[2012/01/12 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Samsung
[2012/05/09 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Seas0nPass
[2012/02/13 17:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Sierra Wireless
[2009/07/23 08:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Smith Micro
[2010/09/28 20:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Thunderbird
[2011/08/31 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Tific
[2010/10/19 12:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\webex
[2009/05/15 20:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Desktop Search
[2009/05/15 20:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnson\Application Data\Windows Search

========== Purity Check ==========



< End of report >
 
[2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions
[2010/09/28 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/07 08:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/01/19 12:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions
[2012/10/03 10:21:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/22 17:40:30 | 000,000,000 | ---D | M] (Column Bookmarks FF3) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\ColumnBookmarksFF3@dischert.luc
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin
[2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
[2011/06/29 08:58:46 | 000,005,563 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\MulticolumnBookmarks@Maxim.Kudimov.xpi
[2012/09/09 12:26:54 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/01/18 23:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 23:05:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/20 12:30:34 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/24 19:03:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/12 08:39:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:48:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/20 18:14:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe (Conexant)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiMedia.lnk = C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe (MiMedia LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Johnson\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242388420843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1357792319234 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4AD8E13-C008-4934-8004-4AF730CCFABE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Johnson/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 00:26:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\RK_Quarantine
[2013/01/20 20:12:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/20 18:27:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\PrivacIE
[2013/01/20 15:53:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/20 15:53:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/20 15:53:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/20 15:53:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/20 15:52:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/20 09:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\Laptop Fix
[2013/01/19 20:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/19 19:43:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/18 23:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/18 17:45:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/18 13:03:41 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/01/13 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Local Settings\Application Data\Updater21804
[2013/01/13 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion Plugin
[2013/01/12 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\My Documents\scienceposter
[2013/01/11 09:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johnson\Desktop\basket
[2013/01/10 11:27:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Johnson\IETldCache
[2013/01/09 22:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/01/09 22:44:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/01/09 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/01/09 22:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/01/09 22:06:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/01/09 22:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2013/01/09 22:01:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/01/09 21:59:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2013/01/09 21:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2013/01/09 21:58:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2013/01/08 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird


========== Purity Check ==========



< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    FF - prefs.js..extensions.enabledAddons: extension21804%40extension21804.com:0.87.11
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin
    [2013/01/13 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
All processes killed
========== OTL ==========
Prefs.js: extension21804%40extension21804.com:0.87.11 removed from extensions.enabledAddons
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale\en-US folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome folder moved successfully.
C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com folder moved successfully.
Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\ not found.
Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\defaults\ not found.
Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\locale\ not found.
Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\skin\ not found.
Folder C:\Documents and Settings\Johnson\Application Data\Mozilla\Firefox\Profiles\hsif6t0m.default\extensions\extension21804@extension21804.com\chrome\content\extensionCode\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Johnson\Desktop\Laptop Fix\cmd.bat deleted successfully.
C:\Documents and Settings\Johnson\Desktop\Laptop Fix\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Johnson
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 868754 bytes
->Java cache emptied: 1407046 bytes
->FireFox cache emptied: 218734787 bytes
->Google Chrome cache emptied: 15960662 bytes
->Flash cache emptied: 111875 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: TEMP
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16823 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 213538 bytes

Total Files Cleaned = 226.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222013_175303

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_178.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






C:\Program Files\Coupon Companion Plugin\Uninstall.exe multiple threats cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E67E5936-455A-471C-9190-918380CCD3A9}\RP1386\A0139176.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{E67E5936-455A-471C-9190-918380CCD3A9}\RP1388\A0139436.exe multiple threats cleaned by deleting - quarantined
 
Let's make it run even better!

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:


Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:



Go to Step 4 and under "System Restore" click on the Create button:



Go to the Start Repairs tab and click the Start button.



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


Click on the box next to Restart System when Finished. Then click on Start.


Please download SilentRunners
  • Save it to the desktop.
  • Run Silent Runners by clicking on the "Silent Runners" icon on your desktop.
  • You will receive a prompt: Do you want to skip supplementary searches? click NO
  • If you receive an error just click OK and click it to run it again.
  • A text file will appear on your desktop - it may take a while to complete its run
  • Once you receive the prompt All Done!, open the text file, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
 
"Silent Runners.vbs", revision 68, http://www.silentrunners.org/
Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [Nero AG]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
amd_dc_opt = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [AMD]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics Incorporated]
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe [Ahead Software Gmbh]
SmAudio = C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c [Conexant]
QlbCtrl.exe = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [ Hewlett-Packard Development Company, L.P.]
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [Cyberlink Corp.]
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [MS]
nwiz = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [NVIDIA Corporation]
DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]
Nike+ Connect = "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [Nike]
HTC Sync Loader = "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [null data]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5 <video>
-> {HKLM…CLSID} = DivX Plus Web Player HTML5 <video>
\InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX, LLC]

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Symantec NCO BHO
-> {HKLM…CLSID} = Symantec NCO BHO
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention
-> {HKLM…CLSID} = Symantec Intrusion Prevention
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL [Symantec Corporation]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM…CLSID} = Google Toolbar Notifier BHO
\InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

a_MiMediaFiles_MonitoredFolder\(Default) = {C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}
-> {HKLM…CLSID} = IconOverlay_MonitoredFolder Class
\InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

a_MiMediaFiles_SynchronizationPending\(Default) = {FAD5EA38-2D1D-485D-9B07-D35EB72B922E}
-> {HKLM…CLSID} = IconOverlay_SynchronizationPending Class
\InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

a_MiMediaFiles_Synchronized\(Default) = {69DE75F6-60E6-4E55-B416-171941A5C73E}
-> {HKLM…CLSID} = IconOverlay_Synchronized Class
\InProcServer32\(Default) = C:\Program Files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll [MiMedia]

OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C}
-> {HKLM…CLSID} = OverlayExcluded Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
-> {HKLM…CLSID} = OverlayPending Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148}
-> {HKLM…CLSID} = OverlayProtected Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext
-> {HKLM…CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

{97090E2F-3062-4459-855B-014F0D3CDBB1} = Windows Search Deskbar
-> {HKCU…CLSID} = Windows Search Deskbar
\InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]
-> {HKLM…CLSID} = Windows Search Deskbar
\InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\deskbar.dll [MS]

{13E7F612-F261-4391-BEA2-39DF4F3FA311} = Windows Desktop Search
-> {HKLM…CLSID} = Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\msnlExt.dll [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM…CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [file not found]

{e57ce731-33e8-4c51-8354-bb4de9d215d1} = Universal Plug and Play Devices
-> {HKLM…CLSID} = Universal Plug and Play Devices
\InProcServer32\(Default) = C:\WINDOWS\system32\upnpui.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper
-> {HKLM…CLSID} = NVIDIA CPL Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer
-> {HKLM…CLSID} = Desktop Explorer
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu
-> {HKLM…CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM…CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{DCB5B297-65AE-46d8-93C9-FA4559783552} = MiMedia Virtual Drive
-> {HKLM…CLSID} = MiMedia
\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [MS]

{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
-> {HKLM…CLSID} = NeroDigitalIconHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
-> {HKLM…CLSID} = NeroDigitalPropSheetHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

{3028902F-6374-48b2-8DC6-9725E775B926} = IE Microsoft AutoComplete
-> {HKLM…CLSID} = IE Microsoft AutoComplete
\InProcServer32\(Default) = C:\WINDOWS\system32\browseui.dll [MS]

{8856f961-340a-11d0-a96b-00c04fd705a2} = Microsoft Web Browser
-> {HKLM…CLSID} = Microsoft Web Browser
\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {56F9679E-7826-4C84-81F3-532071A8BCC5} = (no title provided)
-> {HKLM…CLSID} = Windows Desktop Search Namespace Manager
\InProcServer32\(Default) = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [MS]

<<!>> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = (no title provided)
-> {HKLM…CLSID} = SABShellExecuteHook Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [SuperAdBlocker.com]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> cdo\CLSID = {CD00020A-8B95-11D1-82DB-00C04FB1625D}
-> {HKLM…CLSID} = Microsoft PKM KnowledgePluggable Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [MS]

<<!>> mso-offdap\CLSID = {3D9F03FA-7A94-11D3-BE81-0050048385D1}
-> {HKLM…CLSID} = Data Page Pluggable Protocol mso-offdap Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = BUContextMenu Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\NavShExt.dll" [Symantec Corporation]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM…CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM…CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM…CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C}
-> {HKLM…CLSID} = BuPropertySheet Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
-> {HKLM…CLSID} = SASContextMenu Class
\InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
-> {HKLM…CLSID} = nView Desktop Context Menu
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]

NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
-> {HKLM…CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
-> {HKLM…CLSID} = NeroDigitalColumnHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM…CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = BUContextMenu Class
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\buShell.dll [Symantec Corporation]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\NavShExt.dll" [Symantec Corporation]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM…CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM…CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM…CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\ss3dfo.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPUnloadAutoplay\
Provider = HP Image Zone
InvokeProgID = HpqUnApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}
-> {HKLM…CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [file not found]

ImgBurnBDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleBDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [null data]

ImgBurnBDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleBDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

ImgBurnCDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleCDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

ImgBurnCDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleCDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

ImgBurnDVDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleDVDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

ImgBurnDVDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleDVDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

ImgBurnHDDVDBurningOnArrival_BuildImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleHDDVDBurningOnArrival_BuildImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1" [LIGHTNING UK!]

ImgBurnHDDVDBurningOnArrival_BurnImage\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = HandleHDDVDBurningOnArrival_BurnImage
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1" [LIGHTNING UK!]

ImgBurnPlayBluRayOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayBluRayOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

ImgBurnPlayCDAudioOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayCDAudioOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

ImgBurnPlayDVDMovieOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayDVDMovieOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

ImgBurnPlayHDDVDOnArrival_ReadDisc\
Provider = ImgBurn
InvokeProgID = ImgBurn.AutoPlay.1
InvokeVerb = PlayHDDVDOnArrival_ReadDisc
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = "C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1" [LIGHTNING UK!]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [null data]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

NeroAutoPlay7CDAudio\
Provider = Nero SoundTrax
InvokeProgID = Nero.AutoPlay3
InvokeVerb = HandleCDBurningOnArrival_CDAudio
HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe / [Nero AG]

NeroAutoPlay7CopyCD\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay3
InvokeVerb = PlayMusicFilesOnArrival_CopyCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\PlayMusicFilesOnArrival_CopyCD\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy /Drive:%L [Nero AG]

NeroAutoPlay7PlayAudioCD\
Provider = Nero ShowTime
InvokeProgID = Nero.AutoPlay3
InvokeVerb = PlayCDAudioOnArrival_PlayAudioCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay3\shell\PlayCDAudioOnArrival_PlayAudioCD\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L [null data]

PDVDPlayDVDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Documents and Settings\Default User\Local Settings\History\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

C:\Documents and Settings\Default User\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

C:\Documents and Settings\Johnson\Local Settings\Application Data\Microsoft\Feeds Cache\NK7IREVC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [null data]


Startup items in "Johnson" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Johnson\Start Menu\Programs\Startup {++}
PdaNet Desktop -> shortcut to: C:\Program Files\PdaNet for Android\PdaNetPC.exe [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup {++}
Microsoft Office -> shortcut to: C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l [MS]
MiMedia -> shortcut to: C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe C:\Program Files\MiMedia LLC\MiMedia\MiMedia-logo2.ico [null data]
Secunia PSI Tray -> shortcut to: C:\Program Files\Secunia\PSI\psi_tray.exe [Secunia]
Windows Search -> shortcut to: C:\Program Files\Windows Desktop Search\WindowsSearch.exe /startup [MS]


Enabled Scheduled Tasks: {++}
------------------------

Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Google Software Updater -> launches: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start [Google]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003Core -> launches: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1454471165-1383384898-682003330-1003UA -> launches: C:\Documents and Settings\Johnson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MotoHelper MUM -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -MUM [null data]
MotoHelper Routing -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -r [null data]
MotoHelper Update -> launches: C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe -d -silent [null data]
PC Checkup 3 Weekly Scan -> launches: C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe -hide -mode=scheduled [Symantec Corporation]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 22 - 23


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
-> {HKLM…CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
-> {HKLM…CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
-> {HKLM…CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll [Symantec Corporation]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}\
MenuText = We-Care Add-on
CLSIDExtension = {6ED0A312-78F5-493C-A90C-5DAF321D0BF8}
-> {HKLM…CLSID} = EDReminder Class
\InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Program Files\Messenger\msmsgs.exe [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> NavigationFailure = res://shdoclc.dll/navcancl.htm [MS]
<<H>> DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm [MS]
<<H>> NavigationCanceled = res://shdoclc.dll/navcancl.htm [MS]
<<H>> OfflineInformation = res://shdoclc.dll/offcancl.htm [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [null data]
Common Client Job Manager Service, PCCUJobMgr, "C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.11.20\diMaster.dll" /prefetch:1 [Symantec Corporation]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" [Hewlett-Packard Development Company, L.P.]
Internet Pass-Through Service, PassThru Service, C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
MotoHelper Service, MotoHelper, C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [null data]
Norton PC Checkup Application Launcher, Norton PC Checkup Application Launcher, C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe /s [Symantec Corporation]
Norton Security Suite, N360, "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [Symantec Corporation]
NVIDIA Display Driver Service, nvsvc, C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\system32\HPZipm12.exe [HP]
Secunia PSI Agent, Secunia PSI Agent, "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [null data]
Secunia Update Agent, Secunia Update Agent, "C:\Program Files\Secunia\PSI\sua.exe" --start-service [Secunia]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup {C:\WINDOWS\System32\WUDFSvc.dll [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, "C:\Program Files\Windows Media Player\WMPNetwk.exe" [MS]
Windows Search, WSearch, C:\WINDOWS\system32\SearchIndexer.exe /Embedding [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (title not found)


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Speed up startup and speed with StartUpLite: http://www.malwarebytes.org/products/startuplite/

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Secunia PSI (3.0.0.0004)
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner (remove only)
Java(TM) 6 Update 31
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
Mozilla Thunderbird (17.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
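
The Security Check log posted earlier in the thread lists two Java and two Adobe Reader versions side by side, which is the leftover-old-version situation the update advice describes. As an added example (not part of the thread and not Security Check's own code), this Python script parses the utilities section of that log and reports flagged products and products installed in more than one version. The line layout is inferred from this one log, and attributing a stand-alone flag line to the entry above it is an assumption.

```python
import re
from collections import defaultdict

# Excerpt of the checkup.txt posted in this thread; the log's backtick
# divider runs are typed as "~" and restored by the replace() below.
SAMPLE_LOG = """\
~~~~~~~~~Anti-malware/Other Utilities Check:~~~~~~~~~
SUPERAntiSpyware Free Edition
Secunia PSI (3.0.0.0004)
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner (remove only)
Java(TM) 6 Update 31
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
~~~~~~~~Process Check: objlist.exe by Laurent~~~~~~~~
Norton ccSvcHst.exe
""".replace("~", "`")

SECTION = re.compile(r"^`+([^`]+)`+$")          # divider line with a title
VERSION = re.compile(r"\(?(\d[\d.]*(?: Update \d+)?)\)?")
FLAG = "out of Date!"


def parse_utilities(log):
    """Return [{'family', 'version', 'outdated'}] for the utilities section."""
    entries, section = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if not line or not section.startswith("Anti-malware/Other Utilities"):
            continue
        flagged = line.endswith(FLAG)
        body = line[: -len(FLAG)].strip() if flagged else line
        found = VERSION.search(body)
        if flagged and not found:
            # Stand-alone flag line ("Java version out of Date!").
            # Assumption: it refers to the entry directly above it.
            if entries:
                entries[-1]["outdated"] = True
            continue
        name = body[: found.start()] if found else body
        family = re.sub(r"\(TM\)|\s+version\s*$", "", name.strip()).strip()
        entries.append({"family": family, "outdated": flagged,
                        "version": found.group(1) if found else None})
    return entries


def side_by_side(entries):
    """Families installed in more than one version (old copies left behind)."""
    versions = defaultdict(list)
    for e in entries:
        if e["version"] and e["version"] not in versions[e["family"]]:
            versions[e["family"]].append(e["version"])
    return {fam: v for fam, v in versions.items() if len(v) > 1}


def outdated_families(entries):
    return sorted({e["family"] for e in entries if e["outdated"]})


if __name__ == "__main__":
    found = parse_utilities(SAMPLE_LOG)
    print(outdated_families(found), side_by_side(found))
```

On this log both Java and Adobe Reader come back as flagged and as installed twice, so installing the newest release alone would still leave the older copy on disk.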
 
Check your PayPal to make sure your donation arrived. What was my computer actually infected with? In your opinion what is the best antivirus program out there these days?

Thanks Again
 
Got it! Thanks a lot! :D

As for what you were infected with... quite a bit of adware, and a browser hijacking trojan. We removed all of it, thank goodness.

I'd say there is no "best" antivirus program, but if you go with something free, choose avast! Free edition or Avira Free.

Feel free to get a good review of antivirus software here, especially if you choose something paid: http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/
 