
Thread: Babylon Search Engine in Firefox and IE8

  1. #11
    Blade81 (Security Expert)
    Join Date: Oct 2006 | Location: Finland | Posts: 25,470

    Hi,

    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #12
    Junior Member
    Join Date: Aug 2012 | Posts: 12

    Blade81

    As requested...

    OTL logfile created on: 09/08/2012 00:31:43 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.99 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.95% Memory free
    5.82 Gb Paging File | 4.91 Gb Available in Paging File | 84.24% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 21.21 Gb Free Space | 28.46% Space Free | Partition Type: NTFS

    Computer Name: OLDGUY1 | User Name: My Dell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    PRC - C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\FirstClass\fcc32.exe (Open Text Inc.)
    PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
    PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
    PRC - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Cerience\RepliGo\RepliGoMon.exe (Cerience Corporation)
    PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
    MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d3f26ea8\mscorlib.dll ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\TELUS\TELUS security advisor\Windows7Features.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\system32\preflib.dll ()
    MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
    MOD - C:\WINDOWS\system32\nvshell.dll ()
    MOD - C:\WINDOWS\system32\wxvault.dll ()
    MOD - C:\WINDOWS\system32\detoured.dll ()
    MOD - C:\WINDOWS\system32\TspPopup_ENU.dll ()
    MOD - C:\WINDOWS\system32\Tsp.dll ()
    MOD - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AxAutoMntSrv) -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV - (ServicepointService) -- C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe (Radialpoint Inc.)
    SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
    SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
    SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (NETw5x32) -- system32\DRIVERS\NETw5x32.sys File not found
    DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
    DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\MYDELL~1.DEL\LOCALS~1\Temp\catchme.sys File not found
    DRV - (ah7k5a53) -- File not found
    DRV - (RapportCerberus_42020) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ()
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys (Trusteer Ltd.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems)
    DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys ()
    DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {86AADEA9-2F6E-49C4-B041-EBB40C59E846}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{86AADEA9-2F6E-49C4-B041-EBB40C59E846}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\TELUS\TELUS security advisor\nprpspa.dll (TELUS)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/16 12:47:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 16:21:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 22:02:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 21:57:52 | 000,000,000 | ---D | M]

    [2010/11/21 13:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Extensions
    [2012/07/31 17:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\oe7zz5k2.default\extensions
    [2011/12/14 23:09:46 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\oe7zz5k2.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/11/29 11:37:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\oe7zz5k2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/14 23:10:07 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\oe7zz5k2.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/07/31 17:55:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\oe7zz5k2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/07/31 17:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\q4kenhyi.default\extensions
    [2010/11/20 05:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\q4kenhyi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/14 23:10:07 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\q4kenhyi.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2010/11/20 05:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\q4kenhyi.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2012/07/31 17:55:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\q4kenhyi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/07/15 09:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/15 09:26:22 | 000,051,994 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MY DELL.DELL-713227D0BD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OE7ZZ5K2.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
    [2012/07/02 16:21:28 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
    [2012/07/18 22:02:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/10 17:49:35 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/07 15:02:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/07 15:02:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: TELUS security advisor (Enabled) = C:\Program Files\TELUS\TELUS security advisor\nprpspa.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/08/07 12:20:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (RepliGoIEHelperCtl Class) - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll (Cerience Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RepliGo) - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll (Cerience Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RepliGo) - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll (Cerience Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RepliGo Assistant] C:\Program Files\Cerience\RepliGo\RepliGoMon.exe (Cerience Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Tsa.exe] C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
    O4 - Startup: C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/s.../SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (LogMeIn Rescue Applet Downloader)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1287422520338 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} https://support.dell.com/systemprofi...SystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E24E7FC-B0E0-444F-86EA-C763C4CC3788}: DhcpNameServer = 192.168.1.254 75.153.176.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28683D82-E855-482F-B1E8-98B709DF761D}: DhcpNameServer = 142.161.130.155 142.161.2.155 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/15 11:47:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/09 00:30:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\OTL.exe
    [2012/08/08 09:14:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/08/07 12:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/06 16:00:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/08/06 15:58:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/08/06 15:58:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/08/06 15:58:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/08/06 15:58:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/08/06 15:58:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/06 15:56:44 | 004,728,030 | R--- | C] (Swearware) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
    [2012/08/02 11:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/08/02 11:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/08/02 11:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/08/01 23:27:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Recent
    [2012/07/31 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\You Tube Tools
    [2012/07/31 17:58:26 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\WINDOWS\System32\Newtonsoft.Json.Net20.dll
    [2012/07/31 17:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoft
    [2012/07/31 17:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers
    [2012/07/31 17:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
    [2012/07/31 17:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
    [2012/07/31 17:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
    [2012/07/31 17:55:17 | 000,000,000 | ---D | C] -- C:\My Files\DVDVideoSoft
    [2012/07/31 17:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Youtube Downloader HD
    [2012/07/31 17:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Youtube Downloader HD
    [2012/07/31 17:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
    [2012/07/31 17:01:50 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\My Files\FileZilla_3.5.3_win32-setup.exe
    [2012/07/31 01:17:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/07/29 20:52:38 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2012/07/28 23:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\YourFileDownloader
    [2012/07/28 16:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/07/28 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/22 10:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon Client Removal Tool
    [2012/07/16 12:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2012/07/10 17:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\The KMPlayer
    [2012/07/10 17:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
    [2012/07/10 17:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
    [2012/07/10 17:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
    [2012/07/10 17:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
    [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\My Dell.DELL-713227D0BD\*.tmp files -> C:\Documents and Settings\My Dell.DELL-713227D0BD\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/09 00:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\OTL.exe
    [2012/08/09 00:26:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/09 00:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/08 17:33:15 | 103,245,975 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/08/08 15:26:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/08 07:53:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/08 07:52:53 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2012/08/08 07:52:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/08 07:52:08 | 3210,862,592 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/07 15:52:14 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/07 14:24:34 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2012/08/07 12:20:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/08/07 12:07:05 | 004,728,030 | R--- | M] (Swearware) -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
    [2012/08/06 17:54:47 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 7.0 Professional.lnk
    [2012/08/06 16:00:20 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/08/05 17:21:08 | 000,284,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/08/04 16:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/02 23:20:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/02 23:20:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/02 11:44:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/08/01 16:23:14 | 000,068,187 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Flts 16 Aug.pdf
    [2012/08/01 16:21:55 | 000,076,433 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Flts 15_20 Aug.pdf
    [2012/08/01 16:19:53 | 000,018,972 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\YYJ_YYC_YYJ.pdf
    [2012/08/01 16:19:34 | 000,018,899 | ---- | M] () -- C:\My Files\YYJ_YYC_YYJ.pdf
    [2012/07/31 17:02:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\FileZilla Client.lnk
    [2012/07/31 17:01:56 | 004,518,720 | ---- | M] (FileZilla Project) -- C:\My Files\FileZilla_3.5.3_win32-setup.exe
    [2012/07/31 01:23:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2012/07/28 16:50:56 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/07/24 23:19:32 | 000,051,966 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Apprentice_Cook_-_Student_Required_Supplies_and_Tools-10-11.pdf
    [2012/07/22 16:12:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 12:47:14 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/07/15 18:35:33 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\dt.dat
    [2012/07/12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\WINDOWS\System32\Newtonsoft.Json.Net20.dll
    [2012/07/10 21:54:12 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
    [2012/07/10 17:52:01 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\KMPlayer.lnk
    [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\My Dell.DELL-713227D0BD\*.tmp files -> C:\Documents and Settings\My Dell.DELL-713227D0BD\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/06 16:00:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2012/08/06 16:00:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/08/06 15:58:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/08/06 15:58:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/08/06 15:58:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/08/06 15:58:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/08/06 15:58:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/02 11:44:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/08/01 16:23:14 | 000,068,187 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Flts 16 Aug.pdf
    [2012/08/01 16:21:55 | 000,076,433 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Flts 15_20 Aug.pdf
    [2012/08/01 16:19:53 | 000,018,972 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\YYJ_YYC_YYJ.pdf
    [2012/08/01 16:19:34 | 000,018,899 | ---- | C] () -- C:\My Files\YYJ_YYC_YYJ.pdf
    [2012/07/28 16:50:56 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/07/24 23:19:32 | 000,051,966 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Apprentice_Cook_-_Student_Required_Supplies_and_Tools-10-11.pdf
    [2012/07/15 18:35:33 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\dt.dat
    [2012/07/10 21:54:05 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
    [2012/07/10 17:52:01 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\KMPlayer.lnk
    [2012/07/10 17:42:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2012/03/13 23:10:24 | 000,000,523 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/02/15 08:30:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/31 00:54:33 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2012/01/31 00:54:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2011/11/11 09:42:33 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\keyfile3.drm
    [2011/08/17 23:14:02 | 000,000,798 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
    [2011/08/09 14:49:24 | 000,003,720 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\TELUS_Wireless_Settings.html
    [2011/08/09 14:48:29 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Webmail.URL
    [2011/03/09 21:29:26 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/26 10:22:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2010/11/22 00:07:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/11/21 13:58:38 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
    [2010/11/21 13:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/11/21 13:13:56 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2010/11/20 00:08:17 | 000,062,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/11/19 21:01:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\$_hpcst$.hpc
    [2010/11/19 20:21:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\PFP100JPR.{PB
    [2010/11/19 20:21:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\PFP100JCM.{PB
    [2010/11/16 17:33:44 | 000,009,342 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Comma Separated Values (Windows).EML
    [2010/10/18 08:26:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/09/03 09:47:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2010/09/03 09:47:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2010/09/03 09:47:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2006/06/20 23:35:49 | 000,003,539 | ---- | C] () -- C:\Program Files\old_SF.kml
    [2004/08/06 19:01:42 | 000,007,251 | ---- | C] () -- C:\Documents and Settings\My Dell.DELL-713227D0BD\Application Data\Microsoft Excel.EML

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.DS_Store:AFP_AfpInfo

    < End of report >

  3. #13
    Junior Member
    Join Date
    Aug 2012
    Posts
    12

    And...

    OTL Extras logfile created on: 09/08/2012 00:31:43 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.99 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.95% Memory free
    5.82 Gb Paging File | 4.91 Gb Available in Paging File | 84.24% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 21.21 Gb Free Space | 28.46% Space Free | Partition Type: NTFS

    Computer Name: OLDGUY1 | User Name: My Dell | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "56338:UDP" = 56338:UDP:*:Enabled:Color Network ScanGear

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1121:TCP" = 1121:TCP:*:Enabled:Akamai NetSession Interface
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
    "56338:UDP" = 56338:UDP:*:Enabled:Color Network ScanGear
    "86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Canon\Color Network ScanGear\SgTool.exe" = C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:Color Network ScanGear Tool -- (CANON INC.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Canon\Color Network ScanGear\SgTool.exe" = C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:Color Network ScanGear Tool -- (CANON INC.)
    "C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe" = C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
    "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
    "{368A06CC-909A-4F55-AF29-6CFCCEA02479}" = LibreOffice 3.5 Help Pack (English)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5CA273-5771-450A-AFDD-C58DAD9205DC}" = Color Network ScanGear Ver.2.71
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{60EC0845-9930-4937-910B-53C9E28160BA}" = FODD v4 (December 2010)
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{85716B24-1074-4FA7-86A8-27A114225225}" = RPS CADR
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91219316-786C-4C9C-A84D-0B60D7046921}" = RPS CRT
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{BE40EC9E-9466-4288-916D-C1D6C13F4A40}" = upekmsi
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}" = Wave Infrastructure Installer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
    "{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}" = Preboot Manager
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
    "Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.4 Professional
    "Adobe Acrobat 7.0 Professional - V_714" = Adobe Acrobat 7.1.4 - CPSID_50030
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2012
    "BFG-Mahjong Escape Ancient China" = Mahjong Escape Ancient China
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DiskCheckup_is1" = DiskCheckup v3.1
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "ffdshow_is1" = ffdshow v1.1.4369 [2012-03-03]
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
    "GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "iLivid" = iLivid
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "MahjongChamp" = Mahjong Champ
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "RadialpointClientGateway_is1" = TELUS security advisor 3.7.44
    "Rapport_msi" = Rapport
    "RepliGo" = RepliGo Desktop (remove only)
    "RepliGo PDF Mobilizer" = RepliGo PDF Mobilizer (remove only)
    "RepliGo Viewer" = RepliGo Viewer (remove only)
    "Space Hound 32" = Space Hound 32
    "SugarSync" = SugarSync Manager
    "TELUS" = TELUS Support Centre
    "The KMPlayer" = The KMPlayer (remove only)
    "Totalcmd" = Total Commander (Remove or Repair)
    "TreeSize Free_is1" = TreeSize Free V2.7
    "VLC media player" = VLC media player 2.0.2
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.5.4)
    "WordPerfect Office 2002" = WordPerfect Office 2002
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "FileZilla Client" = FileZilla Client 3.5.3

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/07/2012 02:16:30 | Computer Name = OLDGUY1 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\MY FILES\DOCUMENTS\AIR CANADA\2012 ARB AWARD\NC NEWSLETTER
    # 18.PDF> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 31/07/2012 03:10:18 | Computer Name = OLDGUY1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 31/07/2012 03:10:18 | Computer Name = OLDGUY1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 31/07/2012 03:10:18 | Computer Name = OLDGUY1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 31/07/2012 03:10:18 | Computer Name = OLDGUY1 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 31/07/2012 03:11:13 | Computer Name = OLDGUY1 | Source = Broadcom ASF IP Monitor | ID = 0
    Description = !ERROR 53 Refreshing BMAPI data

    Error - 01/08/2012 08:33:41 | Computer Name = OLDGUY1 | Source = Broadcom ASF IP Monitor | ID = 0
    Description = !ERROR 53 Refreshing BMAPI data

    Error - 04/08/2012 00:29:34 | Computer Name = OLDGUY1 | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 07/08/2012 00:11:13 | Computer Name = OLDGUY1 | Source = Broadcom ASF IP Monitor | ID = 0
    Description = !ERROR 53 Refreshing BMAPI data

    Error - 07/08/2012 17:54:34 | Computer Name = OLDGUY1 | Source = Broadcom ASF IP Monitor | ID = 0
    Description = !ERROR 53 Refreshing BMAPI data

    [ System Events ]
    Error - 05/08/2012 09:57:31 | Computer Name = OLDGUY1 | Source = DCOM | ID = 10010
    Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
    with DCOM within the required timeout.

    Error - 06/08/2012 18:03:10 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 06/08/2012 18:03:10 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 06/08/2012 18:15:01 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 06/08/2012 18:15:01 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 06/08/2012 18:15:11 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 2 time(s).

    Error - 06/08/2012 23:11:12 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 07/08/2012 14:09:27 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 07/08/2012 14:09:27 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7034
    Description = The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 07/08/2012 17:26:39 | Computer Name = OLDGUY1 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058


    < End of report >

    Thanks again...

  4. #14
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi,

    Let's run OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      
      :Commands
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log. Is the issue still present?
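The fix above removes two search preferences from Firefox's prefs.js. The following read-only check, an added example that is not part of the original post and not OTL's own code, parses a prefs.js file and lists search and homepage preferences whose value mentions a given marker string. The sample file contents are constructed, and the watched names beyond the two in the fix (`browser.startup.homepage`, `keyword.URL`) are an assumption of this example.

```python
import json
import re

# Matches one prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Preference names worth reviewing after a search hijack. The browser.search.*
# names come from the fix in this thread; the others are an assumption here.
WATCHED_PREFIXES = ("browser.search.", "browser.startup.homepage", "keyword.URL")


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            value = raw  # keep the unparsed text rather than drop the entry
        prefs[name] = value
    return prefs


def find_hijacked(prefs, marker):
    """List (name, value) pairs among watched prefs whose value mentions marker."""
    hits = []
    for name, value in sorted(prefs.items()):
        if name.startswith(WATCHED_PREFIXES) and marker.lower() in str(value).lower():
            hits.append((name, value))
    return hits


# Constructed sample; only the two Babylon lines mirror the fix posted above.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.update", false);
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.lastAppVersion", "14.0.1");
'''

if __name__ == "__main__":
    for name, value in find_hijacked(parse_prefs(SAMPLE_PREFS_JS), "babylon"):
        print(f"{name} = {value!r}")
```

Running the same check again after a fix and a browser restart shows whether the entries were rewritten by something else in the profile.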

  5. #15
    Junior Member
    Join Date
    Aug 2012
    Posts
    12

    Default

    Hi...

    As requested. The problem with Babylon is still there with Firefox, gone with IE8.


    OTL log...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: My Dell

    User: My Dell.DELL-713227D0BD
    ->Temp folder emptied: 4015413 bytes
    ->Temporary Internet Files folder emptied: 672038 bytes
    ->Java cache emptied: 955521 bytes
    ->FireFox cache emptied: 70789225 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 523 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2588892 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 983 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 75.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08092012_103014

    Files\Folders moved on Reboot...
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Temp\WCESLog.log moved successfully.

    PendingFileRenameOperations files...
    File C:\Documents and Settings\My Dell.DELL-713227D0BD\Local Settings\Temp\WCESLog.log not found!

    Registry entries deleted on Reboot...

  6. #16
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi,

    Please follow the steps 1-4 here to reset Firefox settings (it won't remove bookmarks). Let me know how it goes.

  7. #17
    Junior Member
    Join Date
    Aug 2012
    Posts
    12

    Default

    Blade81

    That worked a real treat! Firefox is back to normal.

    It seems that the universe is now unfolding as it should!

    Thank you so much for your expertise and assistance.

    Regards

    Derek
    64 Impala

  8. #18
    Junior Member
    Join Date
    Aug 2012
    Posts
    12

    Default

    Blade81

    Thanks again, I have made a donation to the "cause".

    Regards

    Derek

    64 Impala

  9. #19
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    I'm glad that helped

    Let's see a list of the final steps.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK


    Next we remove OTL.

    • Double-click OTL.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.


    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade

  10. #20
    Junior Member
    Join Date
    Aug 2012
    Posts
    12

    Default

    Hello

    Actions as requested.

    All appears well. The machine runs normally, with no other glitches that I have noticed.

    Once again, thank you for your help.

    Regards

    Derek
    64 Impala
