
Thread: Case of "IDP.Trojan.1C8D1A13 and Crypt.AQLW"

  1. #1
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Thanks in advance for your help.
    Two questions.

    1) I'm using AVG now. I've noticed you guys tend to recommend avast or the MS security essentials.
    Should I switch?

    2) what's your gut feeling about fix vs reformat?

    I always recommend either avast or Microsoft Security Essentials. They are both quality antivirus programs and are free. AVG (in my experience) is a resource hog and I have seen it slow systems down a lot. If you would like to try one of the ones I mentioned let me know and I can provide the AVG removal tool and the link to the new antivirus you would like.

    The infection you have is the real deal; however, it can be fixed. I have had pretty good luck so far cleaning it so we can always go for it and if it gets too crazy for you we can just format if that is what you would like to do.

    For the time being let's try to clean your system...

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

    ----------

  2. #2
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Hi,

    Reporting back.

    Disabled AVG and Ad-Aware
    Ran ComboFix
    It reported that AVG and Ad-Aware were still active; I validated that they were turned off and their processes were deactivated.

    ComboFix ran the scan, completed steps 1-10(?), continued to delete files and got stuck deleting an NTinstall directory.
    After it sat there for 30 min, I logged out of the account and rebooted.

    Of course, there is not a log file to report.

    What now?
    Thanks,

    Josh

  3. #3
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.**
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      SRV - (qserver) -- C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111...0000219743274e
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
      O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
      O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
      O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
      O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
      O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
      O33 - MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
      O33 - MountPoints2\{96b20386-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
      NetSvcs: qserver - C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
      [2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
      [2012/04/09 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Babylon
      [2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Babylon
      [2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
      [2012/04/10 12:04:19 | 000,054,272 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/04/09 21:20:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
      
      :Files
      C:\Windows\System32\se44mdfl.dll
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    ----------
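    The fix above removes a service (qserver) that was hosted in svchost's netsvcs group through a DLL in System32, MountPoints2 AutoRun commands that launch D:\SuperLink.exe and D:\Installer.exe, and a hijacked IE search scope. As an added triage example (my code, not OTL's and not the helper's), the Python below reads OTL-formatted lines and flags those persistence patterns, plus service entries whose registered binary is "File not found", separating entries whose ServiceDll value has junk after the file name from plain orphaned services. The sample lines are constructed from entries that appear in this thread; the "mangled ServiceDll" test, the non-Microsoft netsvcs check and the "command not on C:" rule are my heuristics, not OTL rules.

```python
"""Triage OTL scan lines for the persistence patterns removed in the fix above.

Added example for this thread (not OTL code). Regexes follow the OTL line
formats visible in the thread; the heuristics are the author's own.
"""
import re
from dataclasses import dataclass

# SRV - (name) -- path (Company)      or     SRV - (name) -- path File not found
SRV_RE = re.compile(
    r'^SRV - \((?P<name>[^)]+)\) -- (?P<path>.+?) '
    r'(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$'
)
# NetSvcs: name - path (Company)
NETSVCS_RE = re.compile(r'^NetSvcs: (?P<name>\S+) - (?P<path>.+?) \((?P<company>[^)]*)\)$')
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command>
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# ".dll" followed by anything at all: "mmcss.dlll", "qwave.dlldc.exe",
# "shsvcs.dlls\ShellHWDetection\Parameters". A real ServiceDll ends in the name.
MANGLED_RE = re.compile(r'\.dll(?!$)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # dead_service | mangled_servicedll | netsvcs_non_microsoft | autorun_mountpoint
    name: str    # service name, or the MountPoints2 GUID
    detail: str  # registered path or AutoRun command


def triage(lines):
    """Return one Finding per suspicious OTL line; benign lines yield nothing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SRV_RE.match(line):
            if m['missing']:  # service still registered, binary gone
                kind = 'mangled_servicedll' if MANGLED_RE.search(m['path']) else 'dead_service'
                findings.append(Finding(kind, m['name'], m['path']))
        elif m := NETSVCS_RE.match(line):
            # svchost's netsvcs group normally hosts only Microsoft DLLs (heuristic).
            if m['company'].strip().lower() != 'microsoft corporation':
                findings.append(Finding('netsvcs_non_microsoft', m['name'], m['path']))
        elif m := AUTORUN_RE.match(line):
            # AutoRun command on a non-system drive: autorun.inf-style persistence.
            # Assumes the system drive is C:.
            if not m['cmd'].lower().startswith('c:\\'):
                findings.append(Finding('autorun_mountpoint', m['guid'], m['cmd']))
    return findings


def otl_services_fix(findings):
    """Build the ':Services' section of an OTL fix (one service name per line)
    from the dead and mangled service findings."""
    names = sorted({f.name for f in findings
                    if f.kind in ('dead_service', 'mangled_servicedll')}, key=str.lower)
    return ':Services\n' + '\n'.join(names) + '\n'


# Constructed sample: copies of lines that appear in this thread.
SAMPLE_LINES = [
    r'SRV - (qserver) -- C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)',
    r'SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found',
    r'SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found',
    r'SRV - (QWAVE) -- %windir%\system32\qwave.dlldc.exe File not found',
    r'SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found',
    r'SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)',
    r'NetSvcs: qserver - C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)',
    r'O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe',
    r'O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun',
]

if __name__ == '__main__':
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f'{f.kind:24} {f.name:40} {f.detail}')
    print(otl_services_fix(found))
```

    A "File not found" service is leftover clutter from uninstalled software at least as often as it is malware, so the generated :Services list is a review queue, not something to paste into OTL unread. The mangled entries (junk after ".dll") are the ones to examine first, since a registered service path should end in the binary's file name. Note also that the qserver SRV line alone looks clean: it has a path that exists and a company name; only its membership in netsvcs marks it out, which is why the NetSvcs check is the one that catches it.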

  4. #4
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Yeeeeeehaw!


    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Service qserver stopped successfully!
    Service qserver deleted successfully!
    File C:\Windows\System32\se44mdfl.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
    C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    C:\Windows\Downloaded Program Files\popcaploader.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
    File D:\SuperLink.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16582345-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16582345-c3f4-11df-a467-00219743274e}\ not found.
    File D:\SuperLink.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96b200c9-8873-11de-ab76-00219743274e}\ not found.
    File D:\Installer.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96b20386-8873-11de-ab76-00219743274e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96b20386-8873-11de-ab76-00219743274e}\ not found.
    File D:\Installer.exe not found.
    qserver removed from NetSvcs value successfully!
    File C:\Windows\System32\se44mdfl.dll not found.
    C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
    C:\Users\Belle\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
    C:\Users\Belle\AppData\Local\Babylon\Setup folder moved successfully.
    C:\Users\Belle\AppData\Local\Babylon folder moved successfully.
    C:\Users\Belle\AppData\Roaming\Babylon folder moved successfully.
    C:\ProgramData\Babylon folder moved successfully.
    C:\Users\Shuki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    File C:\Windows\System32\dds_trash_log.cmd not found.
    ========== FILES ==========
    File\Folder C:\Windows\System32\se44mdfl.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Belle
    ->Temp folder emptied: 4298298 bytes
    ->Temporary Internet Files folder emptied: 320842053 bytes
    ->Java cache emptied: 30584303 bytes
    ->FireFox cache emptied: 61059511 bytes
    ->Flash cache emptied: 50008 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Shuki
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2711074652 bytes
    ->Java cache emptied: 27963535 bytes
    ->FireFox cache emptied: 7845689 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 183124 bytes

    User: Tuvya
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 84116292 bytes
    ->Java cache emptied: 1022503 bytes
    ->Flash cache emptied: 41811 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1941 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3,099.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04102012_223725

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  5. #5
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Looks like we got a good bit.

    Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  6. #6
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Sure did!

    What now?

  7. #7
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Run a new scan with OTL and post that so we can see how the fix went.

  8. #8
    Junior Member
    Join Date
    Apr 2012
    Posts
    22


    Here you go.

    OTL logfile created on: 4/11/2012 4:07:44 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.21% Memory free
    6.22 Gb Paging File | 4.97 Gb Available in Paging File | 79.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 280.06 Gb Total Space | 188.57 Gb Free Space | 67.33% Space Free | Partition Type: NTFS

    Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Belle\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    MOD - C:\Windows\System32\IcnOvrly.dll ()
    MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
    MOD - C:\Program Files\Lenovo\Healthcare\Health.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found
    SRV - (z525mgmt) -- %systemroot%\system32\sdhelper.dll File not found
    SRV - (Xponaut_WBD) -- %systemroot%\system32\lvusbsta.dll File not found
    SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found
    SRV - (wdelmgr20) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (wceusbsh) -- %systemroot%\system32\PNDIS5.dll File not found
    SRV - (w800obex) -- %systemroot%\system32\eamon.dll File not found
    SRV - (VX1000) -- %systemroot%\system32\dphost.dll File not found
    SRV - (vrservice) -- %systemroot%\system32\PGPdisk.dll File not found
    SRV - (vetfddnt) -- %systemroot%\system32\ICAM3NT5.dll File not found
    SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- %systemroot%\system32\fsaua.dll File not found
    SRV - (USRpdA) -- %systemroot%\system32\qhwscsvc.dll File not found
    SRV - (ups) -- %systemroot%\system32\cccredmgr.dll File not found
    SRV - (UMAXPCLS) -- %systemroot%\system32\npkcusb.dll File not found
    SRV - (UBHelper) -- %systemroot%\system32\p3.dll File not found
    SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
    SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe File not found
    SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
    SRV - (SrvcSSIOMngr) -- %systemroot%\system32\btwaudio.dll File not found
    SRV - (srescan) -- %systemroot%\system32\tabletservice.dll File not found
    SRV - (SndTDriverV32) -- %systemroot%\system32\gagp30kx.dll File not found
    SRV - (SiS7018) -- %systemroot%\system32\i8042prt.dll File not found
    SRV - (ShellHWDetection) -- %SystemRoot%\System32\shsvcs.dlls\ShellHWDetection\Parameters File not found
    SRV - (sfhlp02) -- %systemroot%\system32\idechndr.dll File not found
    SRV - (serialkeys) -- %systemroot%\system32\USBCamera.dll File not found
    SRV - (ser2plms) -- %systemroot%\system32\s116mdfl.dll File not found
    SRV - (SE2Emdfl) -- %systemroot%\system32\avsvcmonitor.dll File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (retrolauncher) -- %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
    SRV - (regmanserv) -- %systemroot%\system32\NuidFltr.dll File not found
    SRV - (QWAVE) -- %windir%\system32\qwave.dlldc.exe File not found
    SRV - (PTDCMdm) -- %systemroot%\system32\ctxcpusched.dll File not found
    SRV - (phc600) -- %systemroot%\system32\SaiH040B.dll File not found
    SRV - (pelusblf) -- %systemroot%\system32\Wpsnuio.dll File not found
    SRV - (patrol_scheduler) -- %systemroot%\system32\mscsptisrv.dll File not found
    SRV - (NxSysMon) -- %systemroot%\system32\atkkeyboardservice.dll File not found
    SRV - (NWADI) -- %systemroot%\system32\SE2Dmgmt.dll File not found
    SRV - (ntrtscan) -- %systemroot%\system32\client32.dll File not found
    SRV - (MRESP50a64) -- %systemroot%\system32\RVIEG01.dll File not found
    SRV - (MRESP50) -- %systemroot%\system32\savscan.dll File not found
    SRV - (mcdbus) -- %systemroot%\system32\pop3d32.dll File not found
    SRV - (LVRS) -- %systemroot%\system32\se58mdm.dll File not found
    SRV - (lvhidsvc) -- %systemroot%\system32\WinVd32.dll File not found
    SRV - (iwebcal) -- %systemroot%\system32\MSMQ.dll File not found
    SRV - (ICAM5USB) -- %systemroot%\system32\commserver.dll File not found
    SRV - (gtndis5) -- %systemroot%\system32\aspi32.dll File not found
    SRV - (GTF32BUS) -- %systemroot%\system32\lvmvdrv.dll File not found
    SRV - (GT890x) -- %systemroot%\system32\Intels51.dll File not found
    SRV - (FVNETusb) -- %systemroot%\system32\LC7981.dll File not found
    SRV - (fsma) -- %systemroot%\system32\T6963C.dll File not found
    SRV - (Evian) -- %systemroot%\system32\nim32.dll File not found
    SRV - (emu10k1) -- %systemroot%\system32\se59unic.dll File not found
    SRV - (EACSys) -- %systemroot%\system32\se58nd5.dll File not found
    SRV - (DynDNS_Updater_Service) -- %systemroot%\system32\MSFWHLPR.dll File not found
    SRV - (dladresm) -- %systemroot%\system32\qfcoresvc.dll File not found
    SRV - (DivisCTS) -- %systemroot%\system32\mqdmmdfl.dll File not found
    SRV - (dashsvc) -- %systemroot%\system32\avg7alrt.dll File not found
    SRV - (cypresslink) -- %systemroot%\system32\pdiddcci.dll File not found
    SRV - (ctljystk) -- %systemroot%\system32\fips.dll File not found
    SRV - (cqmgserv) -- %systemroot%\system32\PdiPorts.dll File not found
    SRV - (cqcpu) -- %systemroot%\system32\btserial.dll File not found
    SRV - (cdrbsdrv) -- %systemroot%\system32\slave.dll File not found
    SRV - (cachemgr) -- %systemroot%\system32\BCM43XV.dll File not found
    SRV - (ATIVXSTW) -- %systemroot%\system32\omsad.dll File not found
    SRV - (arcltsrv) -- %systemroot%\system32\EACSvrMngr.dll File not found
    SRV - (agnwifi) -- %systemroot%\system32\contentfilter.dll File not found
    SRV - (a016mdm) -- %systemroot%\system32\ikfilesec.dll File not found
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
    SRV - (WINDEFEND) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\Users\Belle\AppData\Local\Temp\catchme.sys File not found
    DRV - (BVRPMPR5) -- C:\Windows\system32\drivers\BVRPMPR5.SYS File not found
    DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
    DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (WinI2C-DDC) -- C:\Windows\System32\drivers\ddcdrv.sys (Nicomsoft Ltd.)
    DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{20CB2A00-D282-4C69-B6AF-07FE9F69B835}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
    IE - HKCU\..\SearchScopes\{5D395B13-5CD2-4BF8-A77B-D8A043EE7C35}: "URL" = http://search.avg.com/route/?d=4cdf1a31&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
    IE - HKCU\..\SearchScopes\{F210D498-6131-45D7-91C7-F82B692C7552}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Belle\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:54:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 23:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:12:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Belle\Program Files\DNA
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]

    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shuki\AppData\Roaming\Mozilla\Extensions
    [2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2012/04/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions
    [2012/03/06 23:45:23 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions\anttoolbar@ant.com
    [2012/04/01 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/01 11:33:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/03/06 23:05:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/04/09 12:42:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BELLE\APPDATA\ROAMING\IDM\IDMMZCC5
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
    () (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
    [2012/03/19 09:12:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Co...erAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/11 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Unity
    [2012/04/10 22:37:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/10 21:12:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\temp
    [2012/04/10 21:12:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/10 20:36:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/10 20:36:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/10 20:36:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/10 20:36:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/10 20:36:38 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/04/10 20:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/10 20:25:48 | 004,455,939 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 15:24:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ERDNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/04/09 17:55:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 16:55:40 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\IDM
    [2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\DMCache
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2012/04/09 12:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
    [2012/04/09 12:40:46 | 004,489,152 | ---- | C] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/04/09 11:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/04/09 11:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    [2012/04/09 11:07:03 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/04/09 11:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/04/04 13:13:38 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\Belle\Documents\NetBeansProjects
    [2012/04/02 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Belle\.m2
    [2012/04/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Belle\.netbeans
    [2012/04/02 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
    [2012/04/02 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.1.1
    [2012/04/02 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/04/02 17:05:57 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:57 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/02 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\.nbi
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/04/01 04:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2012/03/29 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Malwarebytes
    [2012/03/29 22:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/29 16:36:48 | 000,072,080 | ---- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/16 07:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
    [2012/03/15 08:17:39 | 000,000,000 | ---D | C] -- C:\Users\Belle\Desktop\Agile

    ========== Files - Modified Within 30 Days ==========

    [2012/04/11 16:10:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
    [2012/04/11 16:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
    [2012/04/11 16:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
    [2012/04/11 15:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
    [2012/04/11 15:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 14:04:31 | 000,000,680 | ---- | M] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2012/04/11 12:26:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/11 11:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
    [2012/04/11 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/11 10:53:31 | 000,056,320 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/11 10:25:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/11 08:48:15 | 094,521,641 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/04/10 23:22:04 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/04/10 23:22:04 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/04/10 23:21:46 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2012/04/10 20:26:02 | 004,455,939 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
    [2012/04/10 17:49:12 | 000,355,579 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/04/10 16:38:26 | 000,741,758 | ---- | M] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/10 15:33:25 | 000,749,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/10 15:33:25 | 000,159,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/10 15:24:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
    [2012/04/09 17:56:31 | 000,000,714 | ---- | M] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
    [2012/04/09 17:29:10 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 12:40:58 | 004,489,152 | ---- | M] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
    [2012/04/09 11:17:57 | 000,000,237 | ---- | M] () -- C:\user.js
    [2012/04/08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2012/04/05 13:32:52 | 007,131,152 | ---- | M] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/04 13:13:38 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
    [2012/04/04 13:13:26 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
    [2012/04/04 13:13:22 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
    [2012/04/02 17:13:38 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/04/02 17:05:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012/04/02 17:05:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/04/02 17:05:11 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/04/01 11:32:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/29 16:36:48 | 000,072,080 | ---- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
    [2012/03/27 14:51:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/03/22 22:23:52 | 000,027,436 | ---- | M] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | M] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf

    ========== Files Created - No Company Name ==========

    [2012/04/10 20:36:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/10 20:36:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/10 20:36:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/10 20:36:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/10 20:36:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/10 16:38:26 | 000,741,758 | ---- | C] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
    [2012/04/10 16:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Belle\Documents\MBR.dat
    [2012/04/09 17:56:31 | 000,000,714 | ---- | C] () -- C:\Users\Belle\Desktop\ERUNT.lnk
    [2012/04/09 17:26:31 | 000,000,408 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2012/04/09 11:17:56 | 000,000,237 | ---- | C] () -- C:\user.js
    [2012/04/05 13:32:15 | 007,131,152 | ---- | C] () -- C:\Users\Belle\Desktop\w_infk15.pdf
    [2012/04/02 17:13:38 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
    [2012/03/29 22:20:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/22 22:23:52 | 000,027,436 | ---- | C] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
    [2012/03/22 22:23:45 | 000,037,754 | ---- | C] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
    [2012/02/02 11:06:21 | 000,000,680 | ---- | C] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
    [2011/09/18 11:28:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011/04/23 20:20:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/23 20:20:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2010/09/22 07:51:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    < End of report >
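
Reading an OTL report like the one above by hand is slow; the markers OTL itself adds ("File not found", "No CLSID value found", an empty company-name field in the trailing parentheses) are what a helper scans for first. The block below is an added example, not code from this thread or from the OTL tool: a small Python triage pass over a handful of lines taken from the report above, which pulls out entries that reference files no longer on disk, orphaned COM registrations, and executables with no company name. Flagging is heuristic only; dangling entries are often leftovers of uninstalled software, and an empty company field only means the file carries no version information, not that it is malicious.

```python
"""Added example: heuristic triage of OTL-style report lines (not part of the thread or of OTL)."""
import re
import sys
from dataclasses import dataclass
from typing import List

# A few lines taken from the report above; the parser works on a saved OTL.txt the same way.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# "O4 - ..." style entries; the Firefox plugin/extension lines share the "FF - ..." prefix.
ENTRY_RE = re.compile(r"^(?P<section>O\d+|FF)\s*-\s*(?P<body>.*)$")
# A Windows path followed by either OTL's company-name field "(...)" or its missing-file marker.
PATH_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^()]*?)\s*(?:\((?P<company>[^()]*)\)|(?P<missing>File not found))\s*$"
)


@dataclass
class Finding:
    section: str  # OTL section tag, e.g. O4 (Run keys) or O10 (Winsock catalog)
    reason: str
    line: str


def triage_otl(text: str) -> List[Finding]:
    """Return the entries a helper would look at first, in report order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, file listings and blank lines are skipped
        section, body = m.group("section"), m.group("body")
        if "No CLSID value found" in body:
            findings.append(Finding(section, "orphaned registration: CLSID no longer exists", line))
            continue
        pm = PATH_RE.search(body)
        if pm is None:
            continue  # no path on this line (policy values, DNS servers, ...)
        if pm.group("missing"):
            findings.append(Finding(section, "dangling reference: file missing on disk", line))
        elif pm.group("company") == "":
            findings.append(Finding(section, "empty company field: file carries no version information", line))
    return findings


def counts_by_section(findings: List[Finding]) -> dict:
    """How many flagged entries each OTL section produced, e.g. {'O4': 2, 'O10': 1}."""
    out: dict = {}
    for f in findings:
        out[f.section] = out.get(f.section, 0) + 1
    return out


if __name__ == "__main__":
    # Usage: python otl_triage.py [OTL.txt]; with no argument the embedded sample lines are used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OTL
    for f in triage_otl(text):
        print(f"{f.section:4} {f.reason:55} {f.line}")
```

The O10 hits deserve a second look on their own: those are Winsock catalog (LSP) entries, and a catalog entry whose DLL is gone can break network connectivity until the catalog is repaired, independently of whether anything malicious is present.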

  9. #9
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Malwarebytes

    I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on:
    • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    ----------

    In your next reply please post the logs made by Malwarebytes and ESET online scanner.

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Right-click SystemLook.exe and select Run as Administrator to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *netbt.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
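
SystemLook's :filefind lists every file on the disk whose name matches the pattern, with size and date, and the helper then compares the copies by eye. The block below is an added example, not SystemLook's code or anything from the post: it does the same case-insensitive name search in Python and additionally hashes each copy, so a copy that differs from the others stands out. The default pattern and root (*netbt.sys under %SystemRoot%) are assumptions taken from the post's codebox, not from SystemLook. Several copies of a Windows driver are normal (the DriverStore and servicing folders keep their own), and a differing hash means a different build, not necessarily tampering.

```python
"""Added example: locate every copy of a file by name and compare their hashes (not SystemLook's own code)."""
import fnmatch
import hashlib
import os
import sys
from typing import Dict, Iterable, List


def sha256_of(path: str) -> str:
    """SHA-256 of a file, read in chunks so large drivers do not land in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(roots: Iterable[str], pattern: str) -> List[Dict]:
    """Walk each root and record size, mtime and SHA-256 of every file whose name matches
    the glob (matched case-insensitively, as Windows file names are)."""
    hits: List[Dict] = []
    pat = pattern.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not fnmatch.fnmatchcase(name.lower(), pat):
                    continue
                full = os.path.join(dirpath, name)
                try:
                    st = os.stat(full)
                    digest = sha256_of(full)
                except OSError:
                    continue  # locked or unreadable; on a live system note these separately
                hits.append({"path": full, "size": st.st_size, "mtime": st.st_mtime, "sha256": digest})
    return hits


def odd_ones_out(hits: List[Dict]) -> List[Dict]:
    """Copies whose hash differs from the most common one; an empty list means every copy is
    byte-identical. With an exact tie the choice of 'majority' is arbitrary, so read the full
    listing rather than this list alone in that case."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["sha256"]] = counts.get(h["sha256"], 0) + 1
    if not counts:
        return []
    majority = max(counts, key=counts.get)
    return [h for h in hits if h["sha256"] != majority]


if __name__ == "__main__":
    # Usage: python find_copies.py [pattern] [root ...]; the defaults mirror ":filefind *netbt.sys".
    pattern = sys.argv[1] if len(sys.argv) > 1 else "*netbt.sys"
    roots = sys.argv[2:] or [os.environ.get("SystemRoot", r"C:\Windows")]
    found = find_copies(roots, pattern)
    for h in found:
        print(f"{h['sha256'][:16]}  {h['size']:>10}  {h['path']}")
    for h in odd_ones_out(found):
        print("differs from the other copies:", h["path"])
```

Before acting on a copy the script singles out, check its Authenticode signature (PowerShell's Get-AuthenticodeSignature, or sigcheck from Sysinternals) and compare its version resource with the others; a driver that fails signature verification is the finding, a different hash by itself is not.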
